Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5873 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | |||||
CVE-2015-5875 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |||||
CVE-2015-5877 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | |||||
CVE-2015-5878 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-7034 | 1 Apple | 2 Iwork, Pages | 2016-12-08 | 6.8 MEDIUM | N/A |
The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. | |||||
CVE-2015-7032 | 1 Apple | 4 Iwork, Keynote, Numbers and 1 more | 2016-12-08 | 4.3 MEDIUM | N/A |
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. | |||||
CVE-2015-7033 | 1 Apple | 4 Iwork, Keynote, Numbers and 1 more | 2016-12-08 | 6.8 MEDIUM | N/A |
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. | |||||
CVE-2015-7760 | 1 Apple | 1 Mac Os X | 2016-12-07 | 5.0 MEDIUM | N/A |
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. | |||||
CVE-2015-5923 | 1 Apple | 1 Iphone Os | 2016-12-07 | 2.1 LOW | N/A |
Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | |||||
CVE-2015-5918 | 1 Apple | 1 Watch Os | 2016-12-07 | 7.2 HIGH | N/A |
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919. | |||||
CVE-2015-5913 | 1 Apple | 1 Mac Os X | 2016-12-07 | 6.8 MEDIUM | N/A |
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | |||||
CVE-2015-5919 | 1 Apple | 1 Watch Os | 2016-12-07 | 7.2 HIGH | N/A |
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918. | |||||
CVE-2015-5917 | 2 Apple, Netbsd | 2 Mac Os X, Tnftpd | 2016-12-07 | 5.0 MEDIUM | N/A |
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | |||||
CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.7 MEDIUM | N/A |
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | |||||
CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2016-12-07 | 5.0 MEDIUM | N/A |
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||||
CVE-2015-5902 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.9 MEDIUM | N/A |
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||||
CVE-2015-5900 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.1 HIGH | N/A |
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | |||||
CVE-2015-5901 | 1 Apple | 1 Mac Os X | 2016-12-07 | 2.1 LOW | N/A |
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | |||||
CVE-2015-5890 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.2 HIGH | N/A |
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. | |||||
CVE-2015-5897 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.6 MEDIUM | N/A |
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. |