Filtered by vendor Apple
Subscribe
Total
11236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7082 | 2 Apple, Git Project | 2 Xcode, Git | 2016-12-07 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. | |||||
| CVE-2015-7080 | 1 Apple | 1 Iphone Os | 2016-12-07 | 2.1 LOW | N/A |
| Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||||
| CVE-2015-7070 | 1 Apple | 1 Iphone Os | 2016-12-07 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. | |||||
| CVE-2015-7069 | 1 Apple | 1 Iphone Os | 2016-12-07 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. | |||||
| CVE-2015-7057 | 1 Apple | 1 Xcode | 2016-12-07 | 4.6 MEDIUM | N/A |
| otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. | |||||
| CVE-2015-7056 | 1 Apple | 1 Xcode | 2016-12-07 | 5.0 MEDIUM | N/A |
| IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. | |||||
| CVE-2015-7050 | 1 Apple | 2 Iphone Os, Safari | 2016-12-07 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | |||||
| CVE-2015-7049 | 1 Apple | 1 Xcode | 2016-12-07 | 4.6 MEDIUM | N/A |
| otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||||
| CVE-2015-7037 | 1 Apple | 1 Iphone Os | 2016-12-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2015-0810 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. | |||||
| CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2016-12-06 | 5.8 MEDIUM | 5.4 MEDIUM |
| WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||||
| CVE-2015-3693 | 1 Apple | 1 Mac Os X | 2016-12-06 | 9.3 HIGH | N/A |
| Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. | |||||
| CVE-2015-3692 | 1 Apple | 1 Mac Os X | 2016-12-06 | 6.8 MEDIUM | N/A |
| Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. | |||||
| CVE-2016-1789 | 1 Apple | 1 Ibooks Author | 2016-12-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-1788 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-03 | 2.6 LOW | 5.9 MEDIUM |
| Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | |||||
| CVE-2016-1780 | 1 Apple | 1 Iphone Os | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | |||||
| CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2016-12-03 | 2.1 LOW | 3.3 LOW |
| The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | |||||
| CVE-2016-1770 | 1 Apple | 1 Mac Os X | 2016-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | |||||
| CVE-2016-1767 | 1 Apple | 1 Mac Os X | 2016-12-03 | 6.8 MEDIUM | 7.8 HIGH |
| QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. | |||||
| CVE-2016-1766 | 1 Apple | 1 Iphone Os | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. | |||||