Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7422 2 Apple, Perl 2 Mac Os X, Perl 2016-12-21 7.5 HIGH N/A
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
CVE-2015-3801 1 Apple 2 Iphone Os, Safari 2016-12-21 5.0 MEDIUM N/A
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
CVE-2016-1774 1 Apple 1 Mac Os X Server 2016-12-19 5.0 MEDIUM 5.3 MEDIUM
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
CVE-2016-1776 1 Apple 1 Mac Os X Server 2016-12-19 5.0 MEDIUM 5.3 MEDIUM
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.
CVE-2016-1777 1 Apple 1 Mac Os X Server 2016-12-19 5.0 MEDIUM 7.5 HIGH
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2016-1787 1 Apple 1 Mac Os X Server 2016-12-19 5.0 MEDIUM 5.3 MEDIUM
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
CVE-2013-5195 1 Apple 3 Itunes, Safari, Webkit 2016-12-09 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
CVE-2015-5780 1 Apple 1 Safari 2016-12-09 10.0 HIGH N/A
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
CVE-2015-5833 1 Apple 1 Mac Os X 2016-12-09 7.2 HIGH N/A
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
CVE-2015-5830 1 Apple 1 Mac Os X 2016-12-09 7.2 HIGH N/A
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
CVE-2015-5864 1 Apple 1 Mac Os X 2016-12-09 2.1 LOW N/A
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
CVE-2015-5836 1 Apple 1 Mac Os X 2016-12-09 4.3 MEDIUM N/A
Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
CVE-2015-5849 1 Apple 1 Mac Os X 2016-12-09 6.8 MEDIUM N/A
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
CVE-2015-5853 1 Apple 1 Mac Os X 2016-12-09 3.3 LOW N/A
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
CVE-2015-5865 1 Apple 1 Mac Os X 2016-12-09 4.3 MEDIUM N/A
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-5866 1 Apple 1 Mac Os X 2016-12-09 9.3 HIGH N/A
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5854 1 Apple 1 Mac Os X 2016-12-09 2.1 LOW N/A
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
CVE-2015-5870 1 Apple 1 Mac Os X 2016-12-09 2.1 LOW N/A
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
CVE-2015-5871 1 Apple 1 Mac Os X 2016-12-09 7.2 HIGH N/A
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
CVE-2015-5872 1 Apple 1 Mac Os X 2016-12-09 7.2 HIGH N/A
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.