Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4741 1 Apple 1 Iphone Os 2017-08-12 4.3 MEDIUM 5.9 MEDIUM
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
CVE-2016-4746 1 Apple 1 Iphone Os 2017-08-12 5.0 MEDIUM 5.3 MEDIUM
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
CVE-2016-4749 1 Apple 1 Iphone Os 2017-08-12 2.1 LOW 3.3 LOW
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
CVE-2016-4747 1 Apple 1 Iphone Os 2017-08-12 4.3 MEDIUM 3.7 LOW
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVE-2017-2547 1 Apple 2 Iphone Os, Safari 2017-08-12 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-6978 1 Apple 1 Mac Os X 2017-08-12 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-6982 1 Apple 1 Iphone Os 2017-08-12 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
CVE-2017-2508 1 Apple 2 Iphone Os, Safari 2017-08-12 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes.
CVE-2017-2514 1 Apple 2 Iphone Os, Safari 2017-08-12 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-2527 1 Apple 1 Mac Os X 2017-08-12 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.
CVE-2017-2528 1 Apple 2 Iphone Os, Safari 2017-08-12 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.
CVE-2017-2510 1 Apple 2 Iphone Os, Safari 2017-08-12 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.
CVE-2016-4740 1 Apple 1 Iphone Os 2017-08-12 1.9 LOW 2.9 LOW
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2017-3038 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2017-08-11 9.3 HIGH 7.8 HIGH
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.
CVE-2009-0157 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.8 MEDIUM N/A
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
CVE-2009-0161 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.4 MEDIUM N/A
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.
CVE-2008-5821 2 Apple, Microsoft 2 Safari, Windows Vista 2017-08-07 5.0 MEDIUM N/A
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
CVE-2009-0162 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
CVE-2009-0009 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.8 MEDIUM N/A
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
CVE-2009-0011 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 7.2 HIGH N/A
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.