Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Iphone Os
Total 3262 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32755 2 Apple, Wire 2 Iphone Os, Wire 2021-07-16 4.0 MEDIUM 4.3 MEDIUM
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
CVE-2011-0154 2 Apple, Microsoft 3 Iphone Os, Itunes, Windows 2021-06-23 5.1 MEDIUM N/A
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVE-2011-3439 2 Apple, Suse 4 Iphone Os, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2021-06-22 9.3 HIGH N/A
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
CVE-2021-1870 3 Apple, Fedoraproject, Webkitgtk 6 Ipad Os, Iphone Os, Mac Os X and 3 more 2021-06-02 7.5 HIGH 9.8 CRITICAL
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-1799 3 Apple, Fedoraproject, Webkitgtk 8 Ipad Os, Iphone Os, Macos and 5 more 2021-06-02 4.3 MEDIUM 6.5 MEDIUM
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.
CVE-2021-1801 3 Apple, Fedoraproject, Webkitgtk 7 Ipad Os, Iphone Os, Macos and 4 more 2021-06-02 4.3 MEDIUM 6.5 MEDIUM
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
CVE-2021-1789 3 Apple, Fedoraproject, Webkitgtk 8 Ipados, Iphone Os, Mac Os X and 5 more 2021-06-02 6.8 MEDIUM 8.8 HIGH
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-29623 3 Apple, Fedoraproject, Webkitgtk 7 Ipados, Iphone Os, Mac Os X and 4 more 2021-06-02 2.1 LOW 3.3 LOW
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
CVE-2010-1797 1 Apple 1 Iphone Os 2021-05-22 9.3 HIGH N/A
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
CVE-2011-3441 1 Apple 1 Iphone Os 2021-05-22 4.3 MEDIUM N/A
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
CVE-2008-4211 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2021-05-22 10.0 HIGH N/A
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
CVE-2009-1690 2 Apple, Google 3 Iphone Os, Safari, Chrome 2021-05-22 9.3 HIGH N/A
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
CVE-2010-1029 2 Apple, Google 3 Iphone Os, Safari, Chrome 2021-05-22 5.0 MEDIUM N/A
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
CVE-2010-0038 1 Apple 1 Iphone Os 2021-05-22 4.6 MEDIUM N/A
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
CVE-2009-3273 1 Apple 1 Iphone Os 2021-05-22 7.5 HIGH N/A
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
CVE-2020-3864 2 Apple, Redhat 9 Icloud, Ipados, Iphone Os and 6 more 2021-05-18 7.2 HIGH 7.8 HIGH
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
CVE-2019-8846 2 Apple, Redhat 9 Icloud, Ipados, Iphone Os and 6 more 2021-05-18 9.3 HIGH 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8844 2 Apple, Redhat 10 Icloud, Ipados, Iphone Os and 7 more 2021-05-18 9.3 HIGH 8.8 HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8835 2 Apple, Redhat 9 Icloud, Ipados, Iphone Os and 6 more 2021-05-18 9.3 HIGH 8.8 HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8816 2 Apple, Redhat 10 Icloud, Ipados, Iphone Os and 7 more 2021-05-18 9.3 HIGH 8.8 HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.