Iphone_os - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Iphone_os
(Apple)

Repositories	• https://github.com/madler/zlib • https://github.com/file/file • https://github.com/WebKit/webkit • https://github.com/vadz/libtiff
#Vulnerabilities	3519

Date	Id	Summary	Products	Score	Patch	Annotated
2010-08-16	CVE-2010-1797	Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained...	Iphone_os	N/A
2010-02-03	CVE-2010-0038	Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.	Iphone_os	N/A
2009-09-21	CVE-2009-3273	iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.	Iphone_os	N/A
2009-06-10	CVE-2009-1690	Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM...	Iphone_os, Safari, Chrome	N/A
2014-11-18	CVE-2014-4459	Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.	Iphone_os, Itunes, Mac_os_x, Safari, Tvos	N/A
2014-11-18	CVE-2014-4452	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.	Iphone_os, Itunes, Safari, Tvos	N/A
2014-09-18	CVE-2014-4363	Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.	Iphone_os, Safari	N/A
2019-04-03	CVE-2018-20505	SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).	Icloud, Iphone_os, Itunes, Mac_os_x, Watchos, Sqlite	7.5
2017-12-25	CVE-2017-13861	An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	Iphone_os, Tvos, Watchos	7.8
2017-04-05	CVE-2017-6975	Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.	Iphone_os	6.8