Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9161 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2017-01-02 9.3 HIGH N/A
CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
CVE-2014-9160 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2017-01-02 10.0 HIGH N/A
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.
CVE-2015-0331 4 Adobe, Apple, Linux and 1 more 4 Flash Player, Mac Os X, Linux Kernel and 1 more 2017-01-02 10.0 HIGH N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
CVE-2015-0356 4 Adobe, Apple, Linux and 1 more 4 Flash Player, Mac Os X, Linux Kernel and 1 more 2017-01-02 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."
CVE-2015-0357 4 Adobe, Apple, Linux and 1 more 4 Flash Player, Mac Os X, Linux Kernel and 1 more 2017-01-02 5.0 MEDIUM N/A
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040.
CVE-2015-1085 1 Apple 1 Iphone Os 2017-01-02 1.9 LOW N/A
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
CVE-2015-1087 1 Apple 1 Iphone Os 2017-01-02 2.1 LOW N/A
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
CVE-2015-1088 1 Apple 2 Iphone Os, Mac Os X 2017-01-02 6.8 MEDIUM N/A
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2015-1089 1 Apple 2 Iphone Os, Mac Os X 2017-01-02 5.0 MEDIUM N/A
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1090 1 Apple 1 Iphone Os 2017-01-02 5.0 MEDIUM N/A
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
CVE-2015-1091 1 Apple 2 Iphone Os, Mac Os X 2017-01-02 4.3 MEDIUM N/A
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1106 1 Apple 1 Iphone Os 2017-01-02 2.1 LOW N/A
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
CVE-2015-1107 1 Apple 1 Iphone Os 2017-01-02 1.9 LOW N/A
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1108 1 Apple 1 Iphone Os 2017-01-02 2.1 LOW N/A
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1109 1 Apple 1 Iphone Os 2017-01-02 2.1 LOW N/A
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
CVE-2015-1111 1 Apple 1 Iphone Os 2017-01-02 5.0 MEDIUM N/A
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
CVE-2015-1113 1 Apple 1 Iphone Os 2017-01-02 1.9 LOW N/A
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
CVE-2015-1115 1 Apple 1 Iphone Os 2017-01-02 4.4 MEDIUM N/A
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
CVE-2015-1116 1 Apple 1 Iphone Os 2017-01-02 2.1 LOW N/A
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
CVE-2015-1155 1 Apple 2 Iphone Os, Safari 2017-01-02 4.3 MEDIUM N/A
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.