Filtered by vendor Apple
Subscribe
Total
10175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5755 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2016-12-23 | 6.8 MEDIUM | N/A |
| CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | |||||
| CVE-2015-7008 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 6.8 MEDIUM | N/A |
| FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | |||||
| CVE-2015-5746 | 1 Apple | 1 Iphone Os | 2016-12-23 | 5.0 MEDIUM | N/A |
| AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||||
| CVE-2015-7022 | 1 Apple | 1 Iphone Os | 2016-12-23 | 4.3 MEDIUM | N/A |
| The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. | |||||
| CVE-2015-7031 | 1 Apple | 1 Mac Os X Server | 2016-12-23 | 5.0 MEDIUM | N/A |
| The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2015-7013 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2016-12-23 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | |||||
| CVE-2015-7023 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 5.8 MEDIUM | N/A |
| CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | |||||
| CVE-2015-6990 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 6.8 MEDIUM | N/A |
| FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | |||||
| CVE-2015-3756 | 1 Apple | 1 Iphone Os | 2016-12-23 | 2.1 LOW | N/A |
| The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | |||||
| CVE-2015-3758 | 1 Apple | 1 Iphone Os | 2016-12-23 | 4.3 MEDIUM | N/A |
| UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | |||||
| CVE-2015-3759 | 1 Apple | 1 Iphone Os | 2016-12-23 | 4.6 MEDIUM | N/A |
| Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||||
| CVE-2015-3763 | 1 Apple | 1 Iphone Os | 2016-12-23 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||||
| CVE-2015-3766 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 4.3 MEDIUM | N/A |
| The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-3768 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 9.3 HIGH | N/A |
| Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. | |||||
| CVE-2015-3804 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 7.5 HIGH | N/A |
| FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | |||||
| CVE-2015-3776 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 9.3 HIGH | N/A |
| IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. | |||||
| CVE-2015-3778 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 3.3 LOW | N/A |
| bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | |||||
| CVE-2015-3782 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 4.3 MEDIUM | N/A |
| CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | |||||
| CVE-2015-3784 | 1 Apple | 6 Iphone Os, Iwork, Keynote and 3 more | 2016-12-23 | 5.0 MEDIUM | N/A |
| Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-3793 | 1 Apple | 1 Iphone Os | 2016-12-23 | 4.3 MEDIUM | N/A |
| CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||