Total
1445 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6996 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 6.8 MEDIUM | N/A |
IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2016-4737 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
CVE-2015-7046 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 2.6 LOW | N/A |
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges. | |||||
CVE-2015-5922 | 2 Apple, Icu-project | 3 Mac Os X, Watchos, International Components For Unicode | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | |||||
CVE-2015-6979 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-28 | 9.3 HIGH | N/A |
GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2016-1717 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2015-5927 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 6.8 MEDIUM | N/A |
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942. | |||||
CVE-2016-4658 | 2 Apple, Xmlsoft | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. | |||||
CVE-2015-5885 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 5.0 MEDIUM | N/A |
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. | |||||
CVE-2015-5842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 2.1 LOW | N/A |
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | |||||
CVE-2016-4609 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Icloud, Iphone Os, Itunes and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. | |||||
CVE-2016-1950 | 4 Apple, Mozilla, Opensuse and 1 more | 13 Iphone Os, Mac Os X, Tvos and 10 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | |||||
CVE-2016-4774 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. | |||||
CVE-2016-1751 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | |||||
CVE-2015-5926 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 6.8 MEDIUM | N/A |
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925. | |||||
CVE-2015-5863 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 2.1 LOW | N/A |
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | |||||
CVE-2014-8147 | 2 Apple, Icu-project | 3 Mac Os X, Watchos, International Components For Unicode | 2024-02-28 | 7.5 HIGH | N/A |
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. | |||||
CVE-2015-5899 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 7.2 HIGH | N/A |
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2015-5896 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 7.2 HIGH | N/A |
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903. | |||||
CVE-2015-7059 | 1 Apple | 3 Mac Os X, Tvos, Watchos | 2024-02-28 | 6.8 MEDIUM | N/A |
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061. |