Vendor CVEs
Apple Inc.
All CVEs
8,451 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24088 | 0.00 | — | 0.00 | Sep 15, 2025 | The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles. | |||
| CVE-2025-43287 | 0.00 | — | 0.00 | Sep 15, 2025 | The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory. | |||
| CVE-2025-43340 | 0.00 | — | 0.00 | Sep 15, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox. | |||
| CVE-2025-43263 | 0.00 | — | 0.00 | Sep 15, 2025 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox. | |||
| CVE-2025-43371 | 0.00 | — | 0.00 | Sep 15, 2025 | This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox. | |||
| CVE-2025-43279 | 0.00 | — | 0.00 | Sep 15, 2025 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | |||
| CVE-2025-30468 | 0.00 | — | 0.00 | Sep 15, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication. | |||
| CVE-2025-43297 | 0.00 | — | 0.00 | Sep 15, 2025 | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service. | |||
| CVE-2025-31254 | 0.00 | — | 0.00 | Sep 15, 2025 | This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection. | |||
| CVE-2025-43307 | 0.00 | — | 0.00 | Sep 15, 2025 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |||
| CVE-2025-43370 | 0.00 | — | 0.00 | Sep 15, 2025 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | |||
| CVE-2025-43262 | 0.00 | — | 0.00 | Sep 15, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot. | |||
| CVE-2025-43331 | 0.00 | — | 0.00 | Sep 15, 2025 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. | |||
| CVE-2025-43366 | 0.00 | — | 0.00 | Sep 15, 2025 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory. | |||
| CVE-2024-54554 | 0.00 | — | 0.00 | Aug 29, 2025 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. | |||
| CVE-2024-54568 | 0.00 | — | 0.00 | Aug 29, 2025 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination. | |||
| CVE-2024-44271 | 0.00 | — | 0.00 | Aug 29, 2025 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. | |||
| CVE-2025-43268 | 0.00 | — | 0.00 | Aug 29, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | |||
| CVE-2025-43201 | 0.00 | — | 0.00 | Aug 15, 2025 | This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. | |||
| CVE-2024-27301 | Hig | 0.00 | 7.3 | 0.00 | Mar 14, 2024 | Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang… | ||
| CVE-2022-26691 | Med | 0.00 | 6.7 | 0.01 | May 26, 2022 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | ||
| CVE-2017-18248 | Med | 0.00 | 5.3 | 0.02 | Mar 26, 2018 | The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. | ||
| CVE-2017-18190 | Hig | 0.00 | 7.5 | 0.03 | Feb 16, 2018 | A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often… | ||
| CVE-2015-8242 | 0.00 | — | 0.04 | Dec 15, 2015 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||
| CVE-2015-7500 | 0.00 | — | 0.06 | Dec 15, 2015 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | |||
| CVE-2015-5312 | 0.00 | — | 0.05 | Dec 15, 2015 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | |||
| CVE-2015-7113 | 0.00 | — | 0.03 | Dec 11, 2015 | The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. | |||
| CVE-2015-7111 | 0.00 | — | 0.03 | Dec 11, 2015 | The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than… | |||
| CVE-2015-7109 | 0.00 | — | 0.02 | Dec 11, 2015 | IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2015-7107 | 0.00 | — | 0.03 | Dec 11, 2015 | QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |||
| CVE-2015-7105 | 0.00 | — | 0.04 | Dec 11, 2015 | CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | |||
| CVE-2015-7104 | 0.00 | — | 0.02 | Dec 11, 2015 | WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||
| CVE-2015-7103 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7102 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7101 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7100 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7099 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7098 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7097 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7096 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7095 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096,… | |||
| CVE-2015-7094 | 0.00 | — | 0.01 | Dec 11, 2015 | CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. | |||
| CVE-2015-7093 | 0.00 | — | 0.01 | Dec 11, 2015 | Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. | |||
| CVE-2015-7082 | 0.00 | — | 0.02 | Dec 11, 2015 | Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. | |||
| CVE-2015-7081 | 0.00 | — | 0.02 | Dec 11, 2015 | iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||
| CVE-2015-7080 | 0.00 | — | 0.00 | Dec 11, 2015 | Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||
| CVE-2015-7079 | 0.00 | — | 0.03 | Dec 11, 2015 | dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2015-7076 | 0.00 | — | 0.00 | Dec 11, 2015 | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||
| CVE-2015-7075 | 0.00 | — | 0.04 | Dec 11, 2015 | CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file. | |||
| CVE-2015-7074 | 0.00 | — | 0.03 | Dec 11, 2015 | CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file. |
- CVE-2025-24088Sep 15, 2025risk 0.00cvss —epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.
- CVE-2025-43287Sep 15, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.
- CVE-2025-43340Sep 15, 2025risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
- CVE-2025-43263Sep 15, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
- CVE-2025-43371Sep 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
- CVE-2025-43279Sep 15, 2025risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
- CVE-2025-30468Sep 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.
- CVE-2025-43297Sep 15, 2025risk 0.00cvss —epss 0.00
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service.
- CVE-2025-31254Sep 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.
- CVE-2025-43307Sep 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
- CVE-2025-43370Sep 15, 2025risk 0.00cvss —epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
- CVE-2025-43262Sep 15, 2025risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.
- CVE-2025-43331Sep 15, 2025risk 0.00cvss —epss 0.00
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
- CVE-2025-43366Sep 15, 2025risk 0.00cvss —epss 0.00
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.
- CVE-2024-54554Aug 29, 2025risk 0.00cvss —epss 0.00
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
- CVE-2024-54568Aug 29, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.
- CVE-2024-44271Aug 29, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
- CVE-2025-43268Aug 29, 2025risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.
- CVE-2025-43201Aug 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
- risk 0.00cvss 7.3epss 0.00
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang…
- risk 0.00cvss 6.7epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
- risk 0.00cvss 5.3epss 0.02
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
- risk 0.00cvss 7.5epss 0.03
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often…
- CVE-2015-8242Dec 15, 2015risk 0.00cvss —epss 0.04
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
- CVE-2015-7500Dec 15, 2015risk 0.00cvss —epss 0.06
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
- CVE-2015-5312Dec 15, 2015risk 0.00cvss —epss 0.05
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
- CVE-2015-7113Dec 11, 2015risk 0.00cvss —epss 0.03
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
- CVE-2015-7111Dec 11, 2015risk 0.00cvss —epss 0.03
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…
- CVE-2015-7109Dec 11, 2015risk 0.00cvss —epss 0.02
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- CVE-2015-7107Dec 11, 2015risk 0.00cvss —epss 0.03
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
- CVE-2015-7105Dec 11, 2015risk 0.00cvss —epss 0.04
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
- CVE-2015-7104Dec 11, 2015risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- CVE-2015-7103Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7102Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7101Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7100Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7099Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7098Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7097Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7096Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7095Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096,…
- CVE-2015-7094Dec 11, 2015risk 0.00cvss —epss 0.01
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
- CVE-2015-7093Dec 11, 2015risk 0.00cvss —epss 0.01
Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.
- CVE-2015-7082Dec 11, 2015risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.
- CVE-2015-7081Dec 11, 2015risk 0.00cvss —epss 0.02
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
- CVE-2015-7080Dec 11, 2015risk 0.00cvss —epss 0.00
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
- CVE-2015-7079Dec 11, 2015risk 0.00cvss —epss 0.03
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- CVE-2015-7076Dec 11, 2015risk 0.00cvss —epss 0.00
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
- CVE-2015-7075Dec 11, 2015risk 0.00cvss —epss 0.04
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
- CVE-2015-7074Dec 11, 2015risk 0.00cvss —epss 0.03
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
Page 114 of 170