Filtered by vendor Apple
Subscribe
Total
11236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4191 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | |||||
| CVE-2016-1864 | 1 Apple | 2 Iphone Os, Safari | 2017-09-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | |||||
| CVE-2015-7029 | 1 Apple | 1 Airport Base Station Firmware | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2014-4463 | 1 Apple | 1 Iphone Os | 2017-08-29 | 2.1 LOW | N/A |
| Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | |||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-29 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | |||||
| CVE-2014-4458 | 1 Apple | 1 Mac Os X | 2017-08-29 | 5.0 MEDIUM | N/A |
| The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4457 | 1 Apple | 1 Iphone Os | 2017-08-29 | 7.5 HIGH | N/A |
| The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | |||||
| CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-29 | 5.0 MEDIUM | N/A |
| Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2017-08-29 | 7.2 HIGH | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | |||||
| CVE-2014-4450 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | |||||
| CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2017-08-29 | 6.8 MEDIUM | N/A |
| iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4448 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | |||||
| CVE-2014-4447 | 1 Apple | 1 Os X Server | 2017-08-29 | 1.9 LOW | N/A |
| Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. | |||||
| CVE-2014-4446 | 1 Apple | 1 Os X Server | 2017-08-29 | 2.1 LOW | N/A |
| Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | |||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.4 MEDIUM | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | |||||
| CVE-2014-4443 | 1 Apple | 1 Mac Os X | 2017-08-29 | 7.8 HIGH | N/A |
| Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. | |||||
| CVE-2014-4442 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.7 MEDIUM | N/A |
| The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. | |||||
| CVE-2014-4441 | 1 Apple | 1 Mac Os X | 2017-08-29 | 6.8 MEDIUM | N/A |
| NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | |||||
| CVE-2014-4440 | 1 Apple | 1 Mac Os X | 2017-08-29 | 2.6 LOW | N/A |
| The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | |||||
| CVE-2014-4439 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.3 MEDIUM | N/A |
| Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. | |||||