Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5813 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5765 1 Apple 2 Iphone Os, Safari 2016-12-21 4.3 MEDIUM N/A
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
CVE-2015-5808 1 Apple 2 Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
CVE-2015-5895 2 Apple, Sqlite 2 Iphone Os, Sqlite 2016-12-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
CVE-2015-5789 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5827 1 Apple 2 Iphone Os, Safari 2016-12-21 5.0 MEDIUM N/A
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
CVE-2015-5835 1 Apple 1 Iphone Os 2016-12-21 4.3 MEDIUM N/A
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
CVE-2015-5826 1 Apple 2 Iphone Os, Safari 2016-12-21 4.3 MEDIUM N/A
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-5792 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5804 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5840 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 5.0 MEDIUM N/A
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
CVE-2015-5820 1 Apple 2 Iphone Os, Safari 2016-12-21 4.3 MEDIUM N/A
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
CVE-2015-5793 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5795 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5812 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5794 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5906 1 Apple 1 Iphone Os 2016-12-21 5.0 MEDIUM N/A
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.
CVE-2015-5920 1 Apple 1 Itunes 2016-12-21 4.3 MEDIUM N/A
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
CVE-2015-5916 1 Apple 2 Iphone Os, Watchos 2016-12-21 4.3 MEDIUM N/A
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.
CVE-2015-5909 1 Apple 1 Xcode 2016-12-21 5.0 MEDIUM N/A
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.