Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4741 | 1 Apple | 1 Iphone Os | 2017-08-12 | 4.3 MEDIUM | 5.9 MEDIUM |
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. | |||||
CVE-2016-4746 | 1 Apple | 1 Iphone Os | 2017-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. | |||||
CVE-2016-4749 | 1 Apple | 1 Iphone Os | 2017-08-12 | 2.1 LOW | 3.3 LOW |
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. | |||||
CVE-2016-4747 | 1 Apple | 1 Iphone Os | 2017-08-12 | 4.3 MEDIUM | 3.7 LOW |
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||||
CVE-2017-2547 | 1 Apple | 2 Iphone Os, Safari | 2017-08-12 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2017-6978 | 1 Apple | 1 Mac Os X | 2017-08-12 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2017-6982 | 1 Apple | 1 Iphone Os | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. | |||||
CVE-2017-2508 | 1 Apple | 2 Iphone Os, Safari | 2017-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. | |||||
CVE-2017-2514 | 1 Apple | 2 Iphone Os, Safari | 2017-08-12 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2017-2527 | 1 Apple | 1 Mac Os X | 2017-08-12 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data. | |||||
CVE-2017-2528 | 1 Apple | 2 Iphone Os, Safari | 2017-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. | |||||
CVE-2017-2510 | 1 Apple | 2 Iphone Os, Safari | 2017-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. | |||||
CVE-2016-4740 | 1 Apple | 1 Iphone Os | 2017-08-12 | 1.9 LOW | 2.9 LOW |
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2017-3038 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-08-11 | 9.3 HIGH | 7.8 HIGH |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2009-0157 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. | |||||
CVE-2009-0161 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.4 MEDIUM | N/A |
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. | |||||
CVE-2008-5821 | 2 Apple, Microsoft | 2 Safari, Windows Vista | 2017-08-07 | 5.0 MEDIUM | N/A |
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | |||||
CVE-2009-0162 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | |||||
CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. | |||||
CVE-2009-0011 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.2 HIGH | N/A |
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. |