Lucene search
+L

89 matches found

CVE
CVE
added 2020/10/27 7:45 p.m.107 views

CVE-2019-8752

CVE-2019-8752 is a memory corruption issue in WebKit that affects Safari and related Apple platforms (Safari/WebKit stack handling malicious web content). The root cause is memory corruption in WebKit components, with the published impact: arbitrary code execution if a user visits a maliciously c...

8.8CVSS8.8AI score0.01358EPSS
CVE
CVE
added 2020/10/27 7:46 p.m.104 views

CVE-2019-8762

CVE-2019-8762 is a WebKit/Web content validation issue resolved across multiple Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Patches are included in Safari 13.0.1, iOS/iPadOS 13.1, tvOS 13, iCloud for Windows 10.7, iCloud for...

6.1CVSS6.3AI score0.00686EPSS
CVE
CVE
added 2021/04/02 6:2 p.m.104 views

CVE-2021-1795

CVE-2021-1795 is a Bluetooth-related out-of-bounds write in iOS/iPadOS components, addressed by Apple in iOS 14.4 and iPadOS 14.4 via improved input validation. Attack vector is remote over Bluetooth; impact described as potential arbitrary code execution. The Apple HT212146 security content conf...

9.8CVSS8.2AI score0.02091EPSS
CVE
CVE
added 2021/04/02 6:3 p.m.104 views

CVE-2021-1796

CVE-2021-1796 corresponds to an Apple vulnerability affecting iOS 14.4/iPadOS 14.4 (Bluetooth-related) where an out-of-bounds write was addressed by improved input validation. The issue could allow a remote attacker to cause arbitrary code execution, with Apple listing this alongside other Blueto...

9.8CVSS8.2AI score0.01971EPSS
CVE
CVE
added 2020/10/27 7:48 p.m.103 views

CVE-2019-8773

CVE-2019-8773 describes memory corruption issues in WebKit affecting how malicious web content is processed across Apple platforms. The root cause is multiple memory corruption vulnerabilities in WebKit, addressed by improved memory handling. Impact: processing maliciously crafted web content may...

8.8CVSS8.8AI score0.01358EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.100 views

CVE-2024-23270

The CVE-2024-23270 issue affects macOS (Monterey 12.7.4; Ventura 13.6.5; Sonoma 14.4) and iOS/iPadOS/tvOS (17.4) where an app may execute arbitrary code with kernel privileges due to improved memory handling. Affected components are not explicitly named in the provided documents; the vulnerabilit...

7.8CVSS7.4AI score0.00277EPSS
CVE
CVE
added 2021/08/24 6:49 p.m.99 views

CVE-2021-30896

CVE-2021-30896 is a logic-issue vulnerability in Apple’s Game Center that could allow a malicious app to read a user’s gameplay data. The initial entry states a logic issue addressed with improved restrictions and lists affected platforms as iOS/iPadOS 15.0.x, tvOS 15.x, watchOS 8.x, and macOS Mo...

5.5CVSS5.2AI score0.00884EPSS
CVE
CVE
added 2021/04/02 6:2 p.m.98 views

CVE-2021-1794

CVE-2021-1794 affects Apple iOS/iPadOS Bluetooth, where an out-of-bounds read was addressed by input validation fixes. Impact: remote code execution possibility. Version fix: iOS 14.4 / iPadOS 14.4. Documented in Apple HT212146 and corroborated by NVD/Red Hat entries; no exploit details provided ...

9.8CVSS8.1AI score0.02149EPSS
CVE
CVE
added 2024/03/05 7:24 p.m.97 views

CVE-2024-23243

CVE-2024-23243 affects Apple iOS 17.4 and iPadOS 17.4, describing a privacy issue where an app may read sensitive location information due to insufficient private data redaction in log entries. Apple fixes are in iOS 17.4 / iPadOS 17.4. Remediation: update to these versions. Practical impact: lim...

4.3CVSS6.2AI score0.00574EPSS
CVE
CVE
added 2020/10/27 7:44 p.m.95 views

CVE-2019-8740

CVE-2019-8740 is a memory corruption vulnerability in Apple’s kernel components. The vulnerability allows an application to potentially execute arbitrary code with kernel privileges. Apple fixes this in iOS 13.1/iPadOS 13.1, watchOS 6, and tvOS 13 by improving locking in the related kernel code. ...

9.3CVSS8.2AI score0.01242EPSS
CVE
CVE
added 2020/04/01 5:47 p.m.95 views

CVE-2020-3887

CVE-2020-3887 is a legitimate vulnerability tied to multiple Apple products. A download origin could be incorrectly associated due to a logic/restrictions handling issue in WebKit-based components. The CVE is addressed in Apple updates: iOS 13.4 / iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for W...

4.3CVSS5.3AI score0.01163EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.95 views

CVE-2024-23205

CVE-2024-23205 describes a privacy issue in Apple platforms where an app may be able to access sensitive user data due to insufficient private data redaction in log entries. The vulnerability is fixed in macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4. Affected components are tied to log handling, w...

5.5CVSS7.1AI score0.0022EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.95 views

CVE-2024-23277

CVE-2024-23277 concerns macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4. The vulnerability allows an attacker on a privileged network position to inject keystrokes by spoofing a keyboard. Apple’s security content indicates this issue is addressed in the 14.4/17.4 updates. The root cause is tied to k...

5.9CVSS6.8AI score0.00715EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.94 views

CVE-2024-0258

CVE-2024-0258 is an Apple memory-handling fix that affects multiple platforms. Connected sources indicate the issue is fixed in tvOS 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4 and watchOS 10.4. Apple security notes describe that an app may be able to execute arbitrary code outside its sandbox...

8.6CVSS7.5AI score0.00263EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.93 views

CVE-2024-23242

CVE-2024-23242 describes a privacy issue where content in text fields was logged, allowing an app to view Mail data. The NCIS of this flaw is not logging such information and affects Apple platforms: the vulnerability is fixed in macOS Sonoma 14.4 and in iOS/iPadOS 17.4. The root cause is not det...

3.3CVSS7.1AI score0.00215EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.93 views

CVE-2024-23250

CVE-2024-23250 affects Apple platforms including macOS Sonoma 14.4, tvOS 17.4, iOS 17.4, iPadOS 17.4 and watchOS 10.4. Description: an access issue where an app may access Bluetooth-connected microphones without user permission. Root cause: access restrictions were improved. Remediation: fixed in...

5.5CVSS7.1AI score0.00236EPSS
CVE
CVE
added 2021/04/02 5:36 p.m.92 views

CVE-2020-27943

CVE-2020-27943 describes a memory corruption bug in FontParser when processing font files, leading to arbitrary code execution. Apple fixes apply to tvOS 14.3, iOS/iPadOS 14.3, macOS Big Sur 11.1, and corresponding Security Updates for Catalina/Mojave, plus watchOS 7.2. The root cause is a font p...

7.8CVSS7.9AI score0.00982EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.91 views

CVE-2024-23255

CVE-2024-23255 describes an authentication issue in Apple devices where photos in the Hidden Photos Album could be viewed without authentication due to improved state management. Affected platforms include macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4; Apple patches are available in those versions...

9.1CVSS7.1AI score0.00672EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.90 views

CVE-2024-23239

CVE-2024-23239 is a race condition affecting Apple platforms. The advisory notes an issue with improved state handling that may allow an app to leak sensitive user information. Affected versions include tvOS 17.4, iOS 17.4 / iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4. Mitigation is to apply...

5.9CVSS7.1AI score0.00434EPSS
CVE
CVE
added 2020/04/01 5:45 p.m.88 views

CVE-2020-3883

CVE-2020-3883 affects Apple platforms (iOS/iPadOS, macOS Catalina, tvOS, watchOS) and concerns an entitlement issue where an application may be able to use arbitrary entitlements. The vulnerability is addressed by Apple with fixes in iOS 13.4 / iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and ...

8.8CVSS7AI score0.01036EPSS
CVE
CVE
added 2020/10/22 5:53 p.m.87 views

CVE-2020-9772

CVE-2020-9772 involves a logic issue that allowed a sandboxed process to potentially circumvent sandbox restrictions. Apple states this vulnerability affects multiple platforms and was fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2. The description emphasize...

5.5CVSS5.5AI score0.00312EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.87 views

CVE-2024-23241

CVE-2024-23241 affects Apple platforms and is an information disclosure issue addressed by Apple in a coordinated update. The NVD entry states improved state management fixes the vulnerability, with the fix shipping in macOS Sonoma 14.4 and iOS/tvOS/iPadOS 17.4. The vulnerability could allow an a...

6.5CVSS7.1AI score0.00441EPSS
CVE
CVE
added 2021/04/02 5:37 p.m.86 views

CVE-2020-27944

The CVE-2020-27944 entry concerns a memory corruption vulnerability in FontParser when processing maliciously crafted font files. Apple security disclosures (HT212003/HT212005/HT212009) indicate the issue could allow arbitrary code execution and is addressed by updates in watchOS 7.2, macOS Big S...

7.8CVSS7.9AI score0.01008EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.86 views

CVE-2024-23297

CVE-2024-23297 affects Apple’s tvOS, iOS, iPadOS and watchOS prior to updates; root cause described as improved checks, with the issue fixed in tvOS 17.4, iOS 17.4, iPadOS 17.4 and watchOS 10.4. The vulnerability could allow a malicious application to access private information. Connected sources...

5.5CVSS5.8AI score0.00283EPSS
CVE
CVE
added 2020/10/22 5:53 p.m.85 views

CVE-2020-9787

CVE-2020-9787 is a logic issue in WebKit/Safari affecting macOS Catalina and iOS/watchOS/tvOS platforms where some websites may not appear in Safari Preferences. The issue was addressed with improved restrictions and patches are provided in iOS 13.4 / iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13....

5.3CVSS5.5AI score0.01272EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.84 views

CVE-2024-23220

The CVE-2024-23220 issue affects Apple visionOS, iOS, and iPadOS Safari related to fingerprinting the user due to an issue in cache handling. The vulnerability arises from the Safari component (on Apple Vision Pro platforms) where improper cache handling could allow an app to fingerprint the user...

5.5CVSS5.8AI score0.00237EPSS
CVE
CVE
added 2024/03/28 3:39 p.m.79 views

CVE-2023-42974

Apple CVE-2023-42974: A race condition with improved state handling could allow an app to execute arbitrary code with kernel privileges. Fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.2, and iOS/iPadOS 16.7.3–17.2. Impact is high (local, requires user interaction). No explo...

7CVSS7.8AI score0.00148EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.78 views

CVE-2024-23293

CVE-2024-23293 affects Apple devices running iOS/iPadOS 17.4, tvOS 17.4, watchOS 10.4, and macOS Sonoma 14.4. The issue, described as being addressed via improved state management, could allow an attacker with physical access to exploit Siri to access sensitive user data. The fixed versions are t...

4.6CVSS7.1AI score0.00413EPSS
CVE
CVE
added 2024/03/05 7:24 p.m.76 views

CVE-2024-23256

CVE-2024-23256 describes a logic issue affecting Apple iOS/iPadOS Safari Private Browsing (Locked Private Browsing). The connected documents confirm the vulnerability arises from improved state management, causing a user’s locked tabs to be briefly visible when switching tab groups while Locked P...

3.3CVSS6.3AI score0.00258EPSS
CVE
CVE
added 2020/10/27 7:50 p.m.75 views

CVE-2019-8774

CVE-2019-8774 affects Apple’s Books component across iOS/iPadOS and macOS Catalina. A resource-exhaustion (denial-of-service) condition occurs when parsing a maliciously crafted iBooks file, due to input validation weaknesses in Books. Apple patched this in iOS 13.1, iPadOS 13.1, and macOS Catali...

5.5CVSS5.5AI score0.00606EPSS
CVE
CVE
added 2020/10/22 5:49 p.m.75 views

CVE-2020-3918

CVE-2020-3918 affects Apple platforms (iOS/iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2). Root cause described as an access issue resolved by additional sandbox restrictions, reducing the ability of a local user to view sensitive information. Affected components are tied to sandbox...

5.5CVSS5.3AI score0.00295EPSS
CVE
CVE
added 2020/12/08 7:22 p.m.74 views

CVE-2020-9972

CVE-2020-9972 describes a buffer overflow in processing a malicious USD file that affects Apple devices. Root cause: memory handling issue; impact: may terminate the affected app or allow arbitrary code execution. Fix: Apple addressed in iOS 14.0 and iPadOS 14.0. Additional context from connected...

7.8CVSS8AI score0.01359EPSS
CVE
CVE
added 2020/04/01 5:48 p.m.70 views

CVE-2020-3891

Affected product: Messages component on Apple iOS/iPadOS/watchOS. Issue: A logic issue in state management allowed a person with physical access to a locked device to respond to messages even when replies were disabled. Root cause: logic/state-management flaw in Messages. Impact: could enable rep...

2.4CVSS3.8AI score0.00297EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.69 views

CVE-2024-23240

CVE-2024-23240 affects Apple iOS/iPadOS via the Photos feature, where the shake-to-undo workflow could re-surface a deleted photo without authentication. The issue is addressed in iOS 17.4 and iPadOS 17.4 with updated checks. If you rely on this CVE data, apply the 17.4 updates to mitigate. The c...

2.4CVSS5.5AI score0.00257EPSS
CVE
CVE
added 2025/04/11 2:54 p.m.62 views

CVE-2023-42977

CVE-2023-42977 concerns a path-handling issue in Apple platforms that could allow an app to break out of its sandbox. The connected documents specify that the vulnerability affects Apple iOS prior to 17 and iPadOS prior to 17, and macOS Sonoma prior to 14, with the root cause described as a path ...

7.8CVSS5.7AI score0.00203EPSS
CVE
CVE
added 2024/10/28 9:7 p.m.60 views

CVE-2024-44297

The CVE-2024-44297 issue is resolved by Apple in multiple platforms. Affected products include tvOS 18.1; iOS 18.1 and iPadOS 18.1; iOS 17.7.1 and iPadOS 17.7.1; macOS Ventura 13.7.1 and macOS Sonoma 14.7.1; watchOS 11.1; and visionOS 2.1. The vulnerability arises from insufficient bounds checks ...

6.5CVSS5.9AI score0.00842EPSS
CVE
CVE
added 2020/04/01 5:46 p.m.58 views

CVE-2020-3888

CVE-2020-3888 affects Apple’s Web App component (iOS/iPadOS Safari/WebKit). Description: a logic issue where a malicious page could interfere with other web contexts. Root cause: improved restrictions address the logic issue. Impact: potential interference with other web contexts within Web App/W...

4.3CVSS5AI score0.00671EPSS
CVE
CVE
added 2020/04/01 5:46 p.m.55 views

CVE-2020-3890

CVE-2020-3890 affects Apple iOS/iPadOS Messages Composition: a logic/deletion issue allowed deleted message groups to be suggested as autocompletion. Root cause: deletion handling in Messages Composition. Impact: potential leakage of deleted content via autocomplete suggestions. Mitigation: patch...

5.3CVSS5.5AI score0.00802EPSS
CVE
CVE
added 2024/09/16 11:22 p.m.50 views

CVE-2024-44139

CVE-2024-44139 affects iOS 18 and iPadOS 18; fix implemented in those versions. The vulnerability allowed an attacker with physical access to potentially access contacts from the lock screen. Root cause described as requiring improved checks; no explicit exploitation details are provided in the s...

2.4CVSS5.5AI score0.00249EPSS
Total number of security vulnerabilities89