Total
4068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7661 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | |||||
| CVE-2016-4605 | 1 Apple | 1 Iphone Os | 2017-09-01 | 7.1 HIGH | 6.5 MEDIUM |
| Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |||||
| CVE-2016-4635 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-01 | 3.5 LOW | 5.3 MEDIUM |
| FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | |||||
| CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2017-09-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
| CVE-2017-2362 | 1 Apple | 3 Apple Tv, Iphone Os, Safari | 2017-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-1864 | 1 Apple | 2 Iphone Os, Safari | 2017-09-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | |||||
| CVE-2016-4628 | 1 Apple | 2 Iphone Os, Watchos | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-4593 | 1 Apple | 1 Iphone Os | 2017-09-01 | 2.1 LOW | 2.4 LOW |
| The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. | |||||
| CVE-2016-4603 | 1 Apple | 1 Iphone Os | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||||
| CVE-2014-4448 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | |||||
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2017-08-29 | 7.2 HIGH | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | |||||
| CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2017-08-29 | 6.8 MEDIUM | N/A |
| iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4450 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | |||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-29 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | |||||
| CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-29 | 5.0 MEDIUM | N/A |
| Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4457 | 1 Apple | 1 Iphone Os | 2017-08-29 | 7.5 HIGH | N/A |
| The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | |||||
| CVE-2014-4423 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | |||||
| CVE-2014-4463 | 1 Apple | 1 Iphone Os | 2017-08-29 | 2.1 LOW | N/A |
| Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | |||||
| CVE-2014-4409 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | |||||
| CVE-2014-4374 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-29 | 5.0 MEDIUM | N/A |
| NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||