Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1767 | 1 Apple | 1 Mac Os X | 2016-12-03 | 6.8 MEDIUM | 7.8 HIGH |
| QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. | |||||
| CVE-2016-1731 | 1 Apple | 1 Software Update | 2016-12-03 | 5.0 MEDIUM | 5.9 MEDIUM |
| Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | |||||
| CVE-2016-1746 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | |||||
| CVE-2016-1764 | 1 Apple | 1 Mac Os X | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | |||||
| CVE-2016-1756 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-1761 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-1759 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-1735 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736. | |||||
| CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2016-12-03 | 2.1 LOW | 3.3 LOW |
| The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | |||||
| CVE-2016-1738 | 1 Apple | 1 Mac Os X | 2016-12-03 | 7.2 HIGH | 7.8 HIGH |
| dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. | |||||
| CVE-2016-1757 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 9.3 HIGH | 7.0 HIGH |
| Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1758 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 4.3 MEDIUM | 3.3 LOW |
| The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | |||||
| CVE-2016-1763 | 1 Apple | 1 Iphone Os | 2016-12-03 | 3.5 LOW | 3.5 LOW |
| Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. | |||||
| CVE-2016-1747 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. | |||||
| CVE-2016-1765 | 1 Apple | 1 Xcode | 2016-12-03 | 4.6 MEDIUM | 7.8 HIGH |
| otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2016-1007 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. | |||||
| CVE-2016-1009 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. | |||||
| CVE-2016-1008 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2016-12-03 | 7.2 HIGH | 8.4 HIGH |
| Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-3027 | 1 Apple | 1 Xcode | 2016-12-03 | 5.0 MEDIUM | N/A |
| Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. | |||||
| CVE-2015-2851 | 2 Apple, Synology | 2 Mac Os X, Cloud Station | 2016-12-03 | 6.8 MEDIUM | N/A |
| client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. | |||||