This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2015-08-16
Product Iphone Os Last view 2020-02-12
Version 8.1.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:iphone_os

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2020-02-12 CVE-2014-8128

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
9.8 2016-07-21 CVE-2016-4610

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
9.8 2016-07-21 CVE-2016-4608

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
5.4 2016-07-21 CVE-2016-4604

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
6.5 2016-07-21 CVE-2016-4592

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.
7.5 2016-07-21 CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
5.4 2016-07-21 CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
8.8 2016-07-21 CVE-2016-4589

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
6.5 2016-07-21 CVE-2016-4587

WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.
6.1 2016-07-21 CVE-2016-4585

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
3.1 2016-07-21 CVE-2016-4583

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
10 2015-09-18 CVE-2015-5895

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
4.3 2015-08-16 CVE-2015-3729

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

CWE : Common Weakness Enumeration

%idName
33% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (1) CWE-787 Out-of-bounds Write
8% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
8% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
8% (1) CWE-362 Race Condition
8% (1) CWE-284 Access Control (Authorization) Issues
8% (1) CWE-254 Security Features
8% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471

Nessus® Vulnerability Scanner

id Description
2017-11-21 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-324-01.nasl - Type: ACT_GATHER_INFO
2016-11-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-693.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3079-1.nasl - Type: ACT_GATHER_INFO
2016-09-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-610.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote Fedora host is missing a security update.
File: fedora_2016-d957ffbac1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote Fedora host is missing a security update.
File: fedora_2016-4728dfe3ec.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X security update that fixes multiple vul...
File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host contains an application that is affected by multiple vulnerab...
File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host is running an application that is affected by multiple vulner...
File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: macosx_Safari9_1_2.nasl - Type: ACT_GATHER_INFO
2016-02-25 Name: An application running on the remote host is affected by multiple remote code...
File: nessus_sqlite_multiple.nasl - Type: ACT_GATHER_INFO
2015-09-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1475-1.nasl - Type: ACT_GATHER_INFO
2015-08-24 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1420-1.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_SecUpd2015-006.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The web browser installed on the remote host is affected by multiple vulnerab...
File: macosx_Safari8_0_8.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO
2015-07-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-476.nasl - Type: ACT_GATHER_INFO
2015-05-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3273.nasl - Type: ACT_GATHER_INFO
2015-05-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-221.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-147.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-207.nasl - Type: ACT_GATHER_INFO