Filtered by vendor Apple
Subscribe
Total
2028 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4651 | 1 Apple | 2 Iphone Os, Safari | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. | |||||
CVE-2016-4746 | 1 Apple | 1 Iphone Os | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. | |||||
CVE-2016-4741 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. | |||||
CVE-2015-7116 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | |||||
CVE-2016-4587 | 1 Apple | 3 Iphone Os, Tvos, Webkit | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. | |||||
CVE-2016-4595 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure. | |||||
CVE-2016-1734 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | |||||
CVE-2016-1807 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 1.9 LOW | 5.1 MEDIUM |
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. | |||||
CVE-2016-4707 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 2.1 LOW | 4.0 MEDIUM |
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||||
CVE-2016-4649 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2016-1745 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
CVE-2016-4718 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. | |||||
CVE-2016-4635 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | |||||
CVE-2016-1156 | 3 Apple, Linecorp, Microsoft | 3 Mac Os X, Line, Windows | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | |||||
CVE-2016-1811 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |||||
CVE-2016-4722 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | |||||
CVE-2009-2197 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | |||||
CVE-2016-1814 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2016-1771 | 1 Apple | 1 Safari | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. |