Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-5044 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2016-03-30 | 3.3 LOW | N/A |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. | |||||
CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2016-03-30 | 6.4 MEDIUM | 6.5 MEDIUM |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | |||||
CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |||||
CVE-2016-0958 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-02-18 | 7.8 HIGH | 7.5 HIGH |
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |||||
CVE-2015-7024 | 1 Apple | 1 Mac Os X | 2016-01-11 | 6.9 MEDIUM | 6.7 MEDIUM |
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | |||||
CVE-2015-6980 | 1 Apple | 1 Mac Os X | 2016-01-11 | 7.2 HIGH | 7.8 HIGH |
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2014-1381 | 1 Apple | 1 Mac Os X | 2015-12-22 | 10.0 HIGH | N/A |
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. | |||||
CVE-2014-1375 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
CVE-2014-1380 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.6 LOW | N/A |
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. | |||||
CVE-2014-1371 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2015-12-22 | 7.5 HIGH | N/A |
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. | |||||
CVE-2014-1378 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
CVE-2014-1317 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2014-1369 | 1 Apple | 1 Safari | 2015-12-08 | 4.3 MEDIUM | N/A |
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | |||||
CVE-2014-1346 | 1 Apple | 1 Safari | 2015-12-08 | 5.0 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL. | |||||
CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2015-11-30 | 4.3 MEDIUM | N/A |
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2015-1112 | 1 Apple | 2 Iphone Os, Safari | 2015-11-30 | 5.0 MEDIUM | N/A |
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | |||||
CVE-2014-4497 | 1 Apple | 1 Mac Os X | 2015-11-30 | 10.0 HIGH | N/A |
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. | |||||
CVE-2014-4499 | 1 Apple | 1 Mac Os X | 2015-11-30 | 2.1 LOW | N/A |
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2015-5787 | 1 Apple | 1 Iphone Os | 2015-11-23 | 4.3 MEDIUM | N/A |
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. |