Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5893 | 1 Apple | 1 Mac Os X | 2016-12-07 | 2.1 LOW | N/A |
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
CVE-2015-5894 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.3 MEDIUM | N/A |
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | |||||
CVE-2015-5891 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.2 HIGH | N/A |
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2015-5887 | 1 Apple | 1 Mac Os X | 2016-12-07 | 10.0 HIGH | N/A |
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | |||||
CVE-2015-5888 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.2 HIGH | N/A |
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | |||||
CVE-2015-5884 | 1 Apple | 1 Mac Os X | 2016-12-07 | 3.3 LOW | N/A |
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | |||||
CVE-2015-5883 | 1 Apple | 1 Mac Os X | 2016-12-07 | 5.0 MEDIUM | N/A |
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | |||||
CVE-2015-5522 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Watchos and 3 more | 2016-12-07 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | |||||
CVE-2015-5523 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Watchos and 3 more | 2016-12-07 | 4.3 MEDIUM | N/A |
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | |||||
CVE-2015-3785 | 1 Apple | 1 Mac Os X | 2016-12-07 | 1.9 LOW | N/A |
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. | |||||
CVE-2015-1065 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-07 | 5.4 MEDIUM | N/A |
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. | |||||
CVE-2014-1335 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1336 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1337 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1338 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1339 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1340 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1. | |||||
CVE-2014-1341 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1342 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | |||||
CVE-2014-1343 | 1 Apple | 1 Safari | 2016-12-07 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. |