Search Results (4427 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6982 1 Apple 1 Iphone Os 2025-04-12 N/A
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.
CVE-2015-6981 1 Apple 1 Iphone Os 2025-04-12 N/A
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.
CVE-2014-1348 1 Apple 1 Iphone Os 2025-04-12 N/A
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.
CVE-2015-6979 1 Apple 2 Iphone Os, Watchos 2025-04-12 N/A
GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-6978 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
CVE-2014-1345 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
CVE-2015-6988 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
CVE-2015-6977 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
CVE-2014-1325 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-12 N/A
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
CVE-2015-6976 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
CVE-2015-6975 1 Apple 3 Iphone Os, Itunes, Mac Os X 2025-04-12 N/A
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
CVE-2014-1320 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
CVE-2015-6974 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5942 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
CVE-2014-1296 1 Apple 4 Iphone Os, Mac Os X, Mac Os X Server and 1 more 2025-04-12 N/A
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
CVE-2015-5940 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2015-5939 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.
CVE-2014-1295 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
CVE-2015-5937 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.
CVE-2015-5936 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.