VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,439 total · sorted by risk
  • CVE-2015-1070 · Mar 18, 2015
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed…

  • CVE-2015-1069 · Mar 18, 2015
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed…

  • CVE-2015-1068 · Mar 18, 2015
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed…

  • CVE-2015-1066 · Mar 12, 2015
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2015-1065 · Mar 12, 2015
    risk 0.00 · cvss · epss 0.01

    Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

  • CVE-2015-1064 · Mar 12, 2015
    risk 0.00 · cvss · epss 0.00

    Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.

  • CVE-2015-1063 · Mar 12, 2015
    risk 0.00 · cvss · epss 0.03

    CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.

  • CVE-2015-1062 · Mar 12, 2015
    risk 0.00 · cvss · epss 0.01

    MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.

  • CVE-2015-1061 · Mar 12, 2015
    risk 0.00 · cvss · epss 0.04

    IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

  • CVE-2015-0228 · Mar 8, 2015
    risk 0.00 · cvss · epss 0.19

    The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade…

  • CVE-2014-9679 · Feb 19, 2015
    risk 0.00 · cvss · epss 0.05

    Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

  • CVE-2015-1546 · Feb 12, 2015
    risk 0.00 · cvss · epss 0.03

    Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

  • CVE-2014-8840 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

  • CVE-2014-8839 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's…

  • CVE-2014-8838 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.01

    The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.

  • CVE-2014-8837 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2014-8836 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

  • CVE-2014-8834 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

  • CVE-2014-8833 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

  • CVE-2014-8832 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.

  • CVE-2014-8831 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.01

    security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.

  • CVE-2014-8830 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

  • CVE-2014-8829 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

  • CVE-2014-8828 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.

  • CVE-2014-8827 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

  • CVE-2014-8825 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.

  • CVE-2014-8824 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2014-8823 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

  • CVE-2014-8822 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.

  • CVE-2014-8821 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.

  • CVE-2014-8820 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.

  • CVE-2014-8819 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.

  • CVE-2014-8817 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of…

  • CVE-2014-8816 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.

  • CVE-2014-4499 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

  • CVE-2014-4498 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.00

    The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.

  • CVE-2014-4497 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.

  • CVE-2014-4496 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

  • CVE-2014-4495 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

  • CVE-2014-4494 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.01

    Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate…

  • CVE-2014-4493 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.01

    The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.

  • CVE-2014-4491 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.02

    The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism…

  • CVE-2014-4489 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted…

  • CVE-2014-4488 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2014-4487 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2014-4486 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.03

    IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference)…

  • CVE-2014-4485 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

  • CVE-2014-4484 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.04

    FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

  • CVE-2014-4483 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

  • CVE-2014-4481 · Jan 30, 2015
    risk 0.00 · cvss · epss 0.06

    Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
