Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2510 | 1 Apple | 2 Iphone Os, Safari | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. | |||||
| CVE-2016-4620 | 1 Apple | 1 Iphone Os | 2017-08-13 | 4.3 MEDIUM | 3.3 LOW |
| The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. | |||||
| CVE-2017-2508 | 1 Apple | 2 Iphone Os, Safari | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. | |||||
| CVE-2017-6982 | 1 Apple | 1 Iphone Os | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2017-2527 | 1 Apple | 1 Mac Os X | 2017-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data. | |||||
| CVE-2016-4747 | 1 Apple | 1 Iphone Os | 2017-08-13 | 4.3 MEDIUM | 3.7 LOW |
| Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||||
| CVE-2016-4704 | 1 Apple | 1 Xcode | 2017-08-13 | 7.2 HIGH | 7.8 HIGH |
| otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705. | |||||
| CVE-2016-6936 | 3 Adobe, Apple, Microsoft | 3 Air Sdk \& Compiler, Mac Os X, Windows | 2017-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. | |||||
| CVE-2016-4705 | 1 Apple | 1 Xcode | 2017-08-13 | 7.2 HIGH | 7.8 HIGH |
| otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704. | |||||
| CVE-2017-6978 | 1 Apple | 1 Mac Os X | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-3038 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-08-12 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2009-0157 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. | |||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-0032 | 2 Apple, Mandriva | 4 Cups, Corporate Server, Linux and 1 more | 2017-08-08 | 6.9 MEDIUM | N/A |
| CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. | |||||
| CVE-2009-0145 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | |||||
| CVE-2009-0161 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.4 MEDIUM | N/A |
| The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. | |||||
| CVE-2009-0155 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow. | |||||
| CVE-2009-0150 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.4 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. | |||||
| CVE-2009-0151 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.2 HIGH | N/A |
| The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. | |||||
| CVE-2009-0162 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | |||||