Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3727 1 Apple 3 Iphone Os, Mac Os X, Safari 2016-12-27 6.8 MEDIUM N/A
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
CVE-2015-3728 1 Apple 1 Iphone Os 2016-12-27 4.8 MEDIUM N/A
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.
CVE-2015-6999 1 Apple 1 Iphone Os 2016-12-23 5.0 MEDIUM N/A
The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
CVE-2015-7007 1 Apple 1 Mac Os X 2016-12-23 7.5 HIGH N/A
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
CVE-2015-5773 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 6.8 MEDIUM N/A
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
CVE-2015-5774 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 7.2 HIGH N/A
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5775 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 7.5 HIGH N/A
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5931 1 Apple 2 Itunes, Safari 2016-12-23 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
CVE-2015-7006 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-23 6.8 MEDIUM N/A
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
CVE-2015-7005 1 Apple 1 Iphone Os 2016-12-23 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.
CVE-2015-7009 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 6.8 MEDIUM N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018.
CVE-2015-7030 1 Apple 1 Xcode 2016-12-23 7.5 HIGH N/A
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
CVE-2015-5777 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 6.8 MEDIUM N/A
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5778 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 6.8 MEDIUM N/A
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-6997 1 Apple 2 Iphone Os, Watchos 2016-12-23 4.3 MEDIUM N/A
The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
CVE-2015-5776 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 7.5 HIGH N/A
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5785 1 Apple 1 Quicktime 2016-12-23 6.8 MEDIUM N/A
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.
CVE-2015-6983 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 8.8 HIGH N/A
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
CVE-2015-6992 1 Apple 3 Iphone Os, Itunes, Mac Os X 2016-12-23 7.5 HIGH N/A
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
CVE-2015-7018 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 6.8 MEDIUM N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.