Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5813 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5765 | 1 Apple | 2 Iphone Os, Safari | 2016-12-21 | 4.3 MEDIUM | N/A |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | |||||
CVE-2015-5808 | 1 Apple | 2 Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5895 | 2 Apple, Sqlite | 2 Iphone Os, Sqlite | 2016-12-21 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | |||||
CVE-2015-5789 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5827 | 1 Apple | 2 Iphone Os, Safari | 2016-12-21 | 5.0 MEDIUM | N/A |
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | |||||
CVE-2015-5835 | 1 Apple | 1 Iphone Os | 2016-12-21 | 4.3 MEDIUM | N/A |
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | |||||
CVE-2015-5826 | 1 Apple | 2 Iphone Os, Safari | 2016-12-21 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2015-5792 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5804 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5840 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-21 | 5.0 MEDIUM | N/A |
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | |||||
CVE-2015-5820 | 1 Apple | 2 Iphone Os, Safari | 2016-12-21 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | |||||
CVE-2015-5793 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5795 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5812 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5794 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-21 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5906 | 1 Apple | 1 Iphone Os | 2016-12-21 | 5.0 MEDIUM | N/A |
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | |||||
CVE-2015-5920 | 1 Apple | 1 Itunes | 2016-12-21 | 4.3 MEDIUM | N/A |
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. | |||||
CVE-2015-5916 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-21 | 4.3 MEDIUM | N/A |
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | |||||
CVE-2015-5909 | 1 Apple | 1 Xcode | 2016-12-21 | 5.0 MEDIUM | N/A |
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. |