Total
4003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5789 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2025-04-12 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
| CVE-2016-1752 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2014-4495 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 10.0 HIGH | N/A |
| The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. | |||||
| CVE-2014-1278 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 7.2 HIGH | N/A |
| The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call. | |||||
| CVE-2016-0969 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. | |||||
| CVE-2015-7081 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
| iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4405 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 9.3 HIGH | N/A |
| IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | |||||
| CVE-2015-5788 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
| The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | |||||
| CVE-2016-4620 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
| The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. | |||||
| CVE-2015-7069 | 1 Apple | 1 Iphone Os | 2025-04-12 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. | |||||
| CVE-2015-8042 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. | |||||
| CVE-2014-4421 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 1.9 LOW | N/A |
| The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. | |||||
| CVE-2015-1110 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | |||||
| CVE-2016-4746 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. | |||||
| CVE-2016-1819 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. | |||||
| CVE-2015-3658 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. | |||||
| CVE-2015-3719 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
| TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. | |||||
| CVE-2016-4632 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2016-0987 | 6 Adobe, Apple, Google and 3 more | 15 Air, Air Desktop Runtime, Air Sdk and 12 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | |||||
| CVE-2016-1849 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. | |||||