Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5767 1 Apple 2 Iphone Os, Safari 2016-12-21 4.3 MEDIUM N/A
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
CVE-2015-5882 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 7.2 HIGH N/A
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
CVE-2015-5892 1 Apple 1 Iphone Os 2016-12-21 2.1 LOW N/A
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
CVE-2015-5899 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 7.2 HIGH N/A
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-5905 1 Apple 1 Iphone Os 2016-12-21 5.0 MEDIUM N/A
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
CVE-2015-5907 1 Apple 1 Iphone Os 2016-12-21 2.6 LOW N/A
WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
CVE-2015-5843 1 Apple 2 Iphone Os, Watchos 2016-12-21 7.2 HIGH N/A
IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-5921 1 Apple 1 Iphone Os 2016-12-21 4.3 MEDIUM N/A
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2015-6908 2 Apple, Openldap 2 Mac Os X, Openldap 2016-12-21 5.0 MEDIUM N/A
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
CVE-2015-5880 1 Apple 1 Iphone Os 2016-12-21 4.3 MEDIUM N/A
CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
CVE-2015-5879 1 Apple 2 Iphone Os, Mac Os X 2016-12-21 5.0 MEDIUM N/A
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
CVE-2015-5802 1 Apple 3 Iphone Os, Itunes, Safari 2016-12-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5851 1 Apple 2 Iphone Os, Mac Os X 2016-12-21 2.1 LOW N/A
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
CVE-2015-5855 1 Apple 2 Iphone Os, Watchos 2016-12-21 4.3 MEDIUM N/A
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.
CVE-2015-5869 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 3.3 LOW N/A
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-5876 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 9.3 HIGH N/A
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5862 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 4.3 MEDIUM N/A
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.
CVE-2015-5863 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-21 2.1 LOW N/A
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
CVE-2015-5857 1 Apple 1 Iphone Os 2016-12-21 5.0 MEDIUM N/A
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
CVE-2015-5858 1 Apple 2 Iphone Os, Watchos 2016-12-21 5.0 MEDIUM N/A
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.