Filtered by vendor Apple
Subscribe
Search
Total
4318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3273 | 1 Apple | 1 Iphone Os | 2019-09-26 | 7.5 HIGH | N/A |
| iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | |||||
| CVE-2013-0980 | 1 Apple | 1 Iphone Os | 2019-09-26 | 2.1 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | |||||
| CVE-2011-3441 | 1 Apple | 1 Iphone Os | 2019-09-26 | 4.3 MEDIUM | N/A |
| libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | |||||
| CVE-2013-0978 | 1 Apple | 2 Iphone Os, Tvos | 2019-09-26 | 2.1 LOW | N/A |
| The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. | |||||
| CVE-2010-0038 | 1 Apple | 1 Iphone Os | 2019-09-26 | 4.6 MEDIUM | N/A |
| Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. | |||||
| CVE-2013-0979 | 1 Apple | 1 Iphone Os | 2019-09-26 | 1.9 LOW | N/A |
| lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | |||||
| CVE-2013-0981 | 1 Apple | 2 Iphone Os, Tvos | 2019-09-26 | 7.2 HIGH | N/A |
| The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. | |||||
| CVE-2013-0977 | 1 Apple | 2 Iphone Os, Tvos | 2019-09-26 | 4.6 MEDIUM | N/A |
| dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. | |||||
| CVE-2010-1797 | 1 Apple | 1 Iphone Os | 2019-09-26 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-7338 | 2 Apple, Python | 2 Mac Os X, Python | 2019-08-21 | 7.1 HIGH | N/A |
| Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. | |||||
| CVE-2012-0779 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2019-07-18 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. | |||||
| CVE-2014-4459 | 1 Apple | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2019-07-16 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | |||||
| CVE-2014-4452 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2019-07-16 | 5.4 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | |||||
| CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2019-07-16 | 5.0 MEDIUM | N/A |
| Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | |||||
| CVE-2014-8147 | 2 Apple, Icu-project | 3 Mac Os X, Watchos, International Components For Unicode | 2019-04-23 | 7.5 HIGH | N/A |
| The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. | |||||
| CVE-2014-8146 | 2 Apple, Icu-project | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2019-04-23 | 7.5 HIGH | N/A |
| The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. | |||||
| CVE-2015-5922 | 2 Apple, Icu-project | 3 Mac Os X, Watchos, International Components For Unicode | 2019-04-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | |||||
| CVE-2013-1824 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Enterprise Linux | 2019-04-22 | 4.3 MEDIUM | N/A |
| The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. | |||||
| CVE-2015-3307 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. | |||||
| CVE-2015-2783 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 5.8 MEDIUM | N/A |
| ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. | |||||
| CVE-2015-4026 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
| CVE-2015-4021 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 5.0 MEDIUM | N/A |
| The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. | |||||
| CVE-2015-4025 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
| CVE-2015-4022 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. | |||||
| CVE-2015-6563 | 2 Apple, Openbsd | 2 Mac Os X, Openssh | 2019-03-26 | 1.9 LOW | N/A |
| The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. | |||||
| CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 15 Iphone Os, Mac Os X, Tvos and 12 more | 2019-03-19 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | |||||
| CVE-2014-1358 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2014-1361 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 5.0 MEDIUM | N/A |
| Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. | |||||
| CVE-2015-1092 | 1 Apple | 2 Iphone Os, Tvos | 2019-03-08 | 5.0 MEDIUM | N/A |
| NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-1362 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | |||||
| CVE-2014-1357 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages. | |||||
| CVE-2015-1077 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2019-03-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | |||||
| CVE-2015-1114 | 1 Apple | 2 Iphone Os, Tvos | 2019-03-08 | 1.9 LOW | N/A |
| The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. | |||||
| CVE-2015-1117 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 6.9 MEDIUM | N/A |
| The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. | |||||
| CVE-2014-1356 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages. | |||||
| CVE-2014-4378 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 5.8 MEDIUM | N/A |
| CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | |||||
| CVE-2014-4491 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 5.0 MEDIUM | N/A |
| The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | |||||
| CVE-2014-4481 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 6.8 MEDIUM | N/A |
| Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | |||||
| CVE-2015-1094 | 1 Apple | 2 Iphone Os, Tvos | 2019-03-08 | 1.9 LOW | N/A |
| IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | |||||
| CVE-2014-1363 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | |||||
| CVE-2015-1101 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 6.9 MEDIUM | N/A |
| The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2015-1102 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 7.1 HIGH | N/A |
| The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-7095 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-08 | 6.8 MEDIUM | N/A |
| WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | |||||
| CVE-2015-1081 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2019-03-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | |||||
| CVE-2015-1118 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 5.0 MEDIUM | N/A |
| libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. | |||||
| CVE-2015-7084 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 7.2 HIGH | N/A |
| The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083. | |||||
| CVE-2014-1355 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 4.9 MEDIUM | N/A |
| The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. | |||||
| CVE-2014-4379 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 7.1 HIGH | N/A |
| An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. | |||||
| CVE-2013-5228 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | |||||
| CVE-2015-7060 | 1 Apple | 3 Mac Os X, Tvos, Watchos | 2019-03-08 | 6.8 MEDIUM | N/A |
| The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7061. | |||||