Filtered by vendor Apple
Subscribe
Total
2028 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4713 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||||
CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
CVE-2016-4271 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue. | |||||
CVE-2016-1760 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 6.2 MEDIUM |
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. | |||||
CVE-2016-1851 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. | |||||
CVE-2016-1731 | 1 Apple | 1 Software Update | 2023-12-10 | 5.0 MEDIUM | 5.9 MEDIUM |
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | |||||
CVE-2016-1781 | 1 Apple | 2 Iphone Os, Safari | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | |||||
CVE-2016-4646 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | |||||
CVE-2016-1772 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | |||||
CVE-2016-4605 | 1 Apple | 1 Iphone Os | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |||||
CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
CVE-2016-1782 | 1 Apple | 2 Iphone Os, Safari | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | |||||
CVE-2016-1776 | 1 Apple | 1 Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | |||||
CVE-2016-4603 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||||
CVE-2016-7153 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | |||||
CVE-2016-4742 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | |||||
CVE-2016-1764 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | |||||
CVE-2016-1787 | 1 Apple | 1 Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||||
CVE-2016-1732 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2016-4247 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors. |