Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5873 1 Apple 1 Mac Os X 2016-12-09 7.2 HIGH N/A
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
CVE-2015-5875 1 Apple 1 Mac Os X 2016-12-09 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
CVE-2015-5877 1 Apple 1 Mac Os X 2016-12-09 7.2 HIGH N/A
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
CVE-2015-5878 1 Apple 1 Mac Os X 2016-12-09 2.1 LOW N/A
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-7034 1 Apple 2 Iwork, Pages 2016-12-08 6.8 MEDIUM N/A
The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document.
CVE-2015-7032 1 Apple 4 Iwork, Keynote, Numbers and 1 more 2016-12-08 4.3 MEDIUM N/A
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document.
CVE-2015-7033 1 Apple 4 Iwork, Keynote, Numbers and 1 more 2016-12-08 6.8 MEDIUM N/A
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document.
CVE-2015-7760 1 Apple 1 Mac Os X 2016-12-07 5.0 MEDIUM N/A
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761.
CVE-2015-5923 1 Apple 1 Iphone Os 2016-12-07 2.1 LOW N/A
Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.
CVE-2015-5918 1 Apple 1 Watch Os 2016-12-07 7.2 HIGH N/A
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919.
CVE-2015-5913 1 Apple 1 Mac Os X 2016-12-07 6.8 MEDIUM N/A
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
CVE-2015-5919 1 Apple 1 Watch Os 2016-12-07 7.2 HIGH N/A
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918.
CVE-2015-5917 2 Apple, Netbsd 2 Mac Os X, Tnftpd 2016-12-07 5.0 MEDIUM N/A
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
CVE-2015-5914 1 Apple 1 Mac Os X 2016-12-07 4.7 MEDIUM N/A
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
CVE-2015-5915 1 Apple 1 Mac Os X 2016-12-07 5.0 MEDIUM N/A
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-5902 1 Apple 1 Mac Os X 2016-12-07 4.9 MEDIUM N/A
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
CVE-2015-5900 1 Apple 1 Mac Os X 2016-12-07 7.1 HIGH N/A
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
CVE-2015-5901 1 Apple 1 Mac Os X 2016-12-07 2.1 LOW N/A
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
CVE-2015-5890 1 Apple 1 Mac Os X 2016-12-07 7.2 HIGH N/A
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
CVE-2015-5897 1 Apple 1 Mac Os X 2016-12-07 4.6 MEDIUM N/A
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.