Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7087 1 Apple 1 Quicktime 2016-12-07 6.8 MEDIUM 6.6 MEDIUM
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
CVE-2015-7057 1 Apple 1 Xcode 2016-12-07 4.6 MEDIUM N/A
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049.
CVE-2015-7050 1 Apple 2 Iphone Os, Safari 2016-12-07 4.3 MEDIUM N/A
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
CVE-2015-0810 2 Apple, Mozilla 2 Mac Os X, Firefox 2016-12-06 4.3 MEDIUM N/A
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.
CVE-2016-1730 1 Apple 1 Iphone Os 2016-12-05 5.8 MEDIUM 5.4 MEDIUM
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
CVE-2015-3692 1 Apple 1 Mac Os X 2016-12-05 6.8 MEDIUM N/A
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
CVE-2015-3693 1 Apple 1 Mac Os X 2016-12-05 9.3 HIGH N/A
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
CVE-2016-1780 1 Apple 1 Iphone Os 2016-12-02 4.3 MEDIUM 4.3 MEDIUM
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
CVE-2016-1788 1 Apple 3 Iphone Os, Mac Os X, Watchos 2016-12-02 2.6 LOW 5.9 MEDIUM
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
CVE-2016-1789 1 Apple 1 Ibooks Author 2016-12-02 4.3 MEDIUM 5.5 MEDIUM
Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-1758 1 Apple 2 Iphone Os, Mac Os X 2016-12-02 4.3 MEDIUM 3.3 LOW
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
CVE-2016-1760 1 Apple 1 Iphone Os 2016-12-02 2.1 LOW 6.2 MEDIUM
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.
CVE-2016-1766 1 Apple 1 Iphone Os 2016-12-02 5.0 MEDIUM 7.5 HIGH
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
CVE-2016-1773 1 Apple 1 Mac Os X 2016-12-02 2.1 LOW 3.3 LOW
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
CVE-2016-1767 1 Apple 1 Mac Os X 2016-12-02 6.8 MEDIUM 7.8 HIGH
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
CVE-2016-1770 1 Apple 1 Mac Os X 2016-12-02 4.3 MEDIUM 6.5 MEDIUM
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
CVE-2016-1765 1 Apple 1 Xcode 2016-12-02 4.6 MEDIUM 7.8 HIGH
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2016-1764 1 Apple 1 Mac Os X 2016-12-02 4.3 MEDIUM 4.3 MEDIUM
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
CVE-2016-1763 1 Apple 1 Iphone Os 2016-12-02 3.5 LOW 3.5 LOW
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
CVE-2016-1759 1 Apple 1 Mac Os X 2016-12-02 9.3 HIGH 7.8 HIGH
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.