Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-5044 2 Apple, Gnu 2 Mac Os X, Groff 2016-03-30 3.3 LOW N/A
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVE-2009-5078 2 Apple, Gnu 2 Mac Os X, Groff 2016-03-30 6.4 MEDIUM 6.5 MEDIUM
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
CVE-2016-0955 4 Adobe, Apple, Linux and 1 more 4 Experience Manager, Mac Os X, Linux Kernel and 1 more 2016-03-22 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
CVE-2016-0957 4 Adobe, Apple, Linux and 1 more 5 Dispatcher, Experience Manager, Mac Os X and 2 more 2016-02-25 7.8 HIGH 7.5 HIGH
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
CVE-2016-0958 4 Adobe, Apple, Linux and 1 more 4 Experience Manager, Mac Os X, Linux Kernel and 1 more 2016-02-18 7.8 HIGH 7.5 HIGH
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
CVE-2015-7024 1 Apple 1 Mac Os X 2016-01-11 6.9 MEDIUM 6.7 MEDIUM
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.
CVE-2015-6980 1 Apple 1 Mac Os X 2016-01-11 7.2 HIGH 7.8 HIGH
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2014-1381 1 Apple 1 Mac Os X 2015-12-22 10.0 HIGH N/A
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
CVE-2014-1375 1 Apple 1 Mac Os X 2015-12-22 2.1 LOW N/A
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
CVE-2014-1380 1 Apple 1 Mac Os X 2015-12-22 2.6 LOW N/A
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input.
CVE-2014-1371 1 Apple 2 Mac Os X, Mac Os X Server 2015-12-22 7.5 HIGH N/A
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
CVE-2014-1378 1 Apple 1 Mac Os X 2015-12-22 2.1 LOW N/A
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
CVE-2014-1317 1 Apple 1 Mac Os X 2015-12-22 2.1 LOW N/A
iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.
CVE-2014-1369 1 Apple 1 Safari 2015-12-08 4.3 MEDIUM N/A
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.
CVE-2014-1346 1 Apple 1 Safari 2015-12-08 5.0 MEDIUM N/A
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
CVE-2015-5859 1 Apple 2 Iphone Os, Mac Os X 2015-11-30 4.3 MEDIUM N/A
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-1112 1 Apple 2 Iphone Os, Safari 2015-11-30 5.0 MEDIUM N/A
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
CVE-2014-4497 1 Apple 1 Mac Os X 2015-11-30 10.0 HIGH N/A
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.
CVE-2014-4499 1 Apple 1 Mac Os X 2015-11-30 2.1 LOW N/A
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.
CVE-2015-5787 1 Apple 1 Iphone Os 2015-11-23 4.3 MEDIUM N/A
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.