Vulnerabilities (CVE)

Vendor filter

Apple Subscribe

Filter

4388 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2019-10-10 4.4
Dock in Apple Mac OS X 10.5 before 10.5.4, when Expos? hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2015-2301 7 Apple, Php, Canonical and 4 more 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more 2019-10-09 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...
CVE-2015-1352 2 Apple, Php 2 Mac Os X, Php 2019-10-09 5.0
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and...
CVE-2014-3566 11 Openssl, Apple, Redhat and 8 more 21 Vios, Suse Linux Enterprise Software Development Kit, Aix and 18 more 2019-10-09 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2018-4366 1 Apple 1 Iphone Os 2019-10-03 5.0
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
CVE-2017-13828 1 Apple 1 Mac Os X 2019-10-03 4.3
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text.
CVE-2017-13786 1 Apple 1 Mac Os X 2019-10-03 2.1
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read...
CVE-2018-4173 1 Apple 2 Iphone Os, Mac Os X 2019-10-03 4.3
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
CVE-2017-2534 1 Apple 1 Mac Os X 2019-10-03 6.8
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app.
CVE-2017-7146 1 Apple 1 Iphone Os 2019-10-03 5.0
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
CVE-2018-4310 1 Apple 2 Iphone Os, Mac Os X 2019-10-03 7.5
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
CVE-2017-7079 1 Apple 1 Itunes 2019-10-03 4.3
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.
CVE-2017-13860 1 Apple 2 Iphone Os, Mac Os X 2019-10-03 4.3
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging...
CVE-2017-7133 1 Apple 1 Iphone Os 2019-10-03 5.0
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read...
CVE-2017-2402 1 Apple 1 Mac Os X 2019-10-03 7.5
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to...
CVE-2018-4156 1 Apple 2 Iphone Os, Mac Os X 2019-10-03 7.6
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context...
CVE-2018-4151 1 Apple 2 Iphone Os, Mac Os X 2019-10-03 7.6
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context...
CVE-2017-2423 1 Apple 2 Mac Os X, Iphone Os 2019-10-03 7.5
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a...
CVE-2017-7161 2 Apple, Canonical 2 Safari, Ubuntu Linux 2019-10-03 6.8
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.