Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3720 1 Apple 1 Mac Os X 2016-11-28 4.3 MEDIUM N/A
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-1156 1 Apple 2 Iphone Os, Safari 2016-11-28 4.3 MEDIUM N/A
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.
CVE-2015-1157 1 Apple 3 Iphone Os, Itunes, Mac Os X 2016-11-28 7.8 HIGH N/A
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
CVE-2013-1775 2 Apple, Todd Miller 2 Mac Os X, Sudo 2016-11-28 6.9 MEDIUM N/A
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
CVE-2013-1038 1 Apple 3 Iphone Os, Itunes, Safari 2016-11-18 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1037 1 Apple 3 Iphone Os, Itunes, Safari 2016-11-18 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1039 1 Apple 3 Iphone Os, Itunes, Safari 2016-11-18 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1041 1 Apple 3 Iphone Os, Itunes, Safari 2016-11-18 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1040 1 Apple 3 Iphone Os, Itunes, Safari 2016-11-18 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1047 1 Apple 3 Iphone Os, Itunes, Safari 2016-11-17 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2015-0973 3 Apple, Libpng, Oracle 3 Mac Os X, Libpng, Solaris 2016-10-20 7.5 HIGH N/A
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
CVE-2014-9495 2 Apple, Libpng 2 Mac Os X, Libpng 2016-10-17 10.0 HIGH N/A
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
CVE-2005-3897 1 Apple 1 Safari 2016-10-17 7.8 HIGH N/A
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
CVE-2005-2195 1 Apple 1 Darwin Streaming Server 2016-10-17 5.0 MEDIUM N/A
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
CVE-2005-1725 1 Apple 1 Mac Os X Server 2016-10-17 2.1 LOW N/A
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
CVE-2005-1385 1 Apple 1 Safari 2016-10-17 2.6 LOW N/A
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.
CVE-2005-1106 1 Apple 1 Quicktime Pictureviewer 2016-10-17 5.0 MEDIUM N/A
PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.
CVE-2005-0903 1 Apple 1 Quicktime Pictureviewer 2016-10-17 2.6 LOW N/A
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
CVE-2003-0050 1 Apple 2 Darwin Streaming Server, Quicktime Streaming Server 2016-10-17 7.5 HIGH N/A
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
CVE-2003-0051 1 Apple 2 Darwin Streaming Server, Quicktime Streaming Server 2016-10-17 5.0 MEDIUM N/A
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.