Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5755 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2016-12-24 | 6.8 MEDIUM | N/A |
| CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | |||||
| CVE-2015-5752 | 1 Apple | 1 Iphone Os | 2016-12-24 | 5.0 MEDIUM | N/A |
| Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | |||||
| CVE-2015-5761 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2016-12-24 | 6.8 MEDIUM | N/A |
| CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. | |||||
| CVE-2015-5749 | 1 Apple | 1 Iphone Os | 2016-12-24 | 4.3 MEDIUM | N/A |
| The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||
| CVE-2015-5746 | 1 Apple | 1 Iphone Os | 2016-12-24 | 5.0 MEDIUM | N/A |
| AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||||
| CVE-2015-3806 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.2 HIGH | N/A |
| Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | |||||
| CVE-2015-3805 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.2 HIGH | N/A |
| Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | |||||
| CVE-2015-3803 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.2 HIGH | N/A |
| Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | |||||
| CVE-2015-3802 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.2 HIGH | N/A |
| Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | |||||
| CVE-2015-3800 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.2 HIGH | N/A |
| The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | |||||
| CVE-2015-3798 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.5 HIGH | N/A |
| The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797. | |||||
| CVE-2015-3797 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.5 HIGH | N/A |
| The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798. | |||||
| CVE-2015-3795 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 9.3 HIGH | N/A |
| libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. | |||||
| CVE-2015-3793 | 1 Apple | 1 Iphone Os | 2016-12-24 | 4.3 MEDIUM | N/A |
| CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||
| CVE-2015-3804 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 7.5 HIGH | N/A |
| FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | |||||
| CVE-2015-3784 | 1 Apple | 6 Iphone Os, Iwork, Keynote and 3 more | 2016-12-24 | 5.0 MEDIUM | N/A |
| Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-3782 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 4.3 MEDIUM | N/A |
| CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | |||||
| CVE-2015-3778 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 3.3 LOW | N/A |
| bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | |||||
| CVE-2015-3776 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 9.3 HIGH | N/A |
| IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. | |||||
| CVE-2015-3768 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 9.3 HIGH | N/A |
| Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. | |||||
| CVE-2015-3766 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 4.3 MEDIUM | N/A |
| The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-3763 | 1 Apple | 1 Iphone Os | 2016-12-24 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||||
| CVE-2015-3759 | 1 Apple | 1 Iphone Os | 2016-12-24 | 4.6 MEDIUM | N/A |
| Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||||
| CVE-2015-3758 | 1 Apple | 1 Iphone Os | 2016-12-24 | 4.3 MEDIUM | N/A |
| UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | |||||
| CVE-2015-3756 | 1 Apple | 1 Iphone Os | 2016-12-24 | 2.1 LOW | N/A |
| The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | |||||
| CVE-2016-6938 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-23 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255. | |||||
| CVE-2014-1301 | 1 Apple | 2 Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | |||||
| CVE-2015-5829 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 6.8 MEDIUM | N/A |
| Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. | |||||
| CVE-2015-5827 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 5.0 MEDIUM | N/A |
| WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | |||||
| CVE-2015-5826 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2015-5847 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 7.2 HIGH | N/A |
| The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-5825 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | |||||
| CVE-2015-5824 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 4.3 MEDIUM | N/A |
| The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 2.1 LOW | N/A |
| XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | |||||
| CVE-2015-5823 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5822 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5821 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5820 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | |||||
| CVE-2015-5819 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5818 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5817 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5816 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5799 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-22 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2015-5837 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 4.3 MEDIUM | N/A |
| PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | |||||
| CVE-2015-5838 | 1 Apple | 1 Iphone Os | 2016-12-22 | 4.3 MEDIUM | N/A |
| SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | |||||
| CVE-2015-5839 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 5.0 MEDIUM | N/A |
| dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | |||||
| CVE-2015-5840 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 5.0 MEDIUM | N/A |
| The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | |||||
| CVE-2015-5843 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 7.2 HIGH | N/A |
| IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-5844 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 9.3 HIGH | N/A |
| IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. | |||||
| CVE-2015-5845 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 9.3 HIGH | N/A |
| IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846. | |||||