U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
There are 3,174 matching records.
Displaying matches 2,221 through 2,240.
Vuln ID Summary CVSS Severity
CVE-2016-1811

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

Published: May 20, 2016; 6:59:23 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1808

The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: May 20, 2016; 6:59:20 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1807

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

Published: May 20, 2016; 6:59:19 AM -0400
V3.0: 5.1 MEDIUM
V2.0: 1.9 LOW
CVE-2016-1803

CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

Published: May 20, 2016; 6:59:15 AM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1802

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

Published: May 20, 2016; 6:59:14 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1801

The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: May 20, 2016; 6:59:13 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-1790

Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

Published: May 20, 2016; 6:59:02 AM -0400
V3.0: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2016-1760

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.

Published: March 29, 2016; 11:59:00 AM -0400
V3.0: 6.2 MEDIUM
V2.0: 2.1 LOW
CVE-2016-1788

Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.

Published: March 23, 2016; 9:59:55 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 2.6 LOW
CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.

Published: March 23, 2016; 9:59:53 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Published: March 23, 2016; 9:59:52 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1784

The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.

Published: March 23, 2016; 9:59:51 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1783

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: March 23, 2016; 9:59:50 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1782

WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.

Published: March 23, 2016; 9:59:49 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1781

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.

Published: March 23, 2016; 9:59:48 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1780

WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.

Published: March 23, 2016; 9:59:47 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.

Published: March 23, 2016; 9:59:46 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1778

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: March 23, 2016; 9:59:45 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1775

TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Published: March 23, 2016; 9:59:42 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1766

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

Published: March 23, 2016; 9:59:34 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM