Total
5565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5987 | 2 Apple, Nvidia | 2 Mac Os X, Gpu Driver | 2016-08-23 | 7.2 HIGH | N/A |
| Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | |||||
| CVE-2009-0158 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2016-08-23 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. | |||||
| CVE-2016-1860 | 1 Apple | 1 Mac Os X | 2016-06-22 | 4.3 MEDIUM | 3.3 LOW |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | |||||
| CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2016-06-22 | 4.3 MEDIUM | 3.3 LOW |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | |||||
| CVE-2016-1208 | 2 Apple, Filemaker | 2 Mac Os X, Filemaker | 2016-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | |||||
| CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2016-05-09 | 7.2 HIGH | N/A |
| Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||||
| CVE-2014-8611 | 2 Apple, Freebsd | 3 Iphone Os, Mac Os X, Freebsd | 2016-04-06 | 6.9 MEDIUM | N/A |
| The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | |||||
| CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2016-03-30 | 6.4 MEDIUM | 6.5 MEDIUM |
| contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | |||||
| CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
| CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
| Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |||||
| CVE-2016-0958 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-02-18 | 7.8 HIGH | 7.5 HIGH |
| Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |||||
| CVE-2015-7024 | 1 Apple | 1 Mac Os X | 2016-01-12 | 6.9 MEDIUM | 6.7 MEDIUM |
| Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | |||||
| CVE-2015-6980 | 1 Apple | 1 Mac Os X | 2016-01-12 | 7.2 HIGH | 7.8 HIGH |
| Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-1381 | 1 Apple | 1 Mac Os X | 2015-12-22 | 10.0 HIGH | N/A |
| Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. | |||||
| CVE-2014-1380 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.6 LOW | N/A |
| The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. | |||||
| CVE-2014-1375 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
| CVE-2014-1371 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2015-12-22 | 7.5 HIGH | N/A |
| Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. | |||||
| CVE-2014-1378 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
| CVE-2014-1317 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2015-11-30 | 4.3 MEDIUM | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||