Export limit exceeded: 13448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13448 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3754 | 1 Apple | 1 Safari | 2025-04-12 | N/A |
| The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site. | ||||
| CVE-2015-3755 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | ||||
| CVE-2015-3756 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | ||||
| CVE-2015-3757 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. | ||||
| CVE-2015-3758 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | ||||
| CVE-2015-3761 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-3762 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2015-3763 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | ||||
| CVE-2015-3764 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. | ||||
| CVE-2015-3766 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| CVE-2015-3767 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | ||||
| CVE-2015-3771 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772. | ||||
| CVE-2015-3772 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. | ||||
| CVE-2015-3773 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
| CVE-2015-3774 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. | ||||
| CVE-2015-3775 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. | ||||
| CVE-2015-3776 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. | ||||
| CVE-2015-3782 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | ||||
| CVE-2015-3781 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. | ||||
| CVE-2015-3785 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. | ||||