1936 matches found
CVE-2023-42823
CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...
CVE-2023-42942
CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....
CVE-2024-27818
Apple fixed CVE-2024-27818 by addressing a memory-handling issue that could allow a local attacker to cause an app to terminate unexpectedly or execute arbitrary code. The vulnerability affects iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5; exploitation requires local access and user interaction. ...
CVE-2024-27789
CVE-2024-27789 is a logic issue in Apple systems where improved checks address a vulnerability that could allow an app to access user-sensitive data. The fix is deployed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, and macOS Sonoma 14.4. The connected documents co...
CVE-2024-27816
The CVE-2024-27816 entry affects tvOS 17.5 (Apple TV) via the AppleMobileFileIntegrity component. A logic issue was addressed with improved checks, with the impact that an attacker may be able to access user data. Apple’s security content indicates this fix is part of tvOS 17.5, and related Apple...
CVE-2020-27918
CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...
CVE-2021-23841
CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...
CVE-2023-32373
CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...
CVE-2023-28204
CVE-2023-28204 is an out-of-bounds read in WebKit caused by improper input handling while processing web content. It affects WebKit-based components and was fixed in multiple vendor advisories: Apple updates (watchOS/macOS/iOS/iPadOS/Safari) and WebKitGTK/WPE WebKit packages (e.g., webkitgtk4 2.3...
CVE-2023-32409
CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...
CVE-2022-2294
CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...
CVE-2021-30661
CVE-2021-30661 is a use-after-free vulnerability in WebKit Storage that could lead to arbitrary code execution when processing malicious web content. Affected: WebKit/WebKitGTK/WebKit Storage components on Apple platforms (Safari/WebKit on macOS/iOS/iPadOS, and WebKitGTK implementations) as descr...
CVE-2021-1789
The CVE-2021-1789 entry refers to a type-confusion vulnerability in WebKitGTK and WebKit prior to 2.30.6 that could allow remote attackers to execute arbitrary code by processing malicious web content. Connected advisories (Arch Linux ASA-202103-24/ASA-202103-25 and ALAS/ALPINE entries) confirm t...
CVE-2020-6514
CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...
CVE-2022-22675
CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....
CVE-2020-7463
CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...
CVE-2021-1871
CVE-2021-1871 is a WebKit/WebKitGTK logic issue that could allow remote code execution. Public sources confirm the flaw affects multiple WebKit components and was fixed in macOS Big Sur 11.2, macOS Security Update 2021-001 for Catalina and Mojave, and iOS/iPadOS 14.4. Debian’s security advisory (...
CVE-2021-1870
CVE-2021-1870 affects WebKitGTK/WebKitGTK-based packages (e.g., Arch Linux webkitgtk4) prior to version 2.30.6. A remote attacker could craft web content to cause arbitrary code execution. Upstream fix is in 2.30.6; Arch advisories (ASA-202103-24/25) and CVE listings confirm the vulnerability and...
CVE-2021-30860
CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...
CVE-2021-30858
CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...
CVE-2020-15969
CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...
CVE-2021-30665
CVE-2021-30665 is a memory corruption vulnerability in WebKitGTK/WebKit (before 2.32.3) that can lead to arbitrary code execution when processing malicious web content. It is listed in multiple advisories across WebKitGTK/WebKit and Apple platforms (watchOS/iOS/iPadOS/macOS/tvOS) with exploitatio...
CVE-2021-30663
CVE-2021-30663 relates to WebKit/WebKitGTK and involves an integer overflow when processing malicious web content, potentially allowing arbitrary code execution. Publicly documented fixes include upstream WebKitGTK and related WebKit components, with patches delivering non-exploit code paths, and...
CVE-2022-37434
CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...
CVE-2023-32419
CVE-2023-32419 describes a bounds-checks issue in Apple iOS/iPadOS that could allow a remote attacker to execute arbitrary code. It is fixed in iOS 16.5 and iPadOS 16.5. No exploitation details are provided beyond that; updating to the patched OS versions is the recommended remediation.
CVE-2022-22620
CVE-2022-22620 is a WebKit use-after-free vulnerability affecting Apple WebKit/ Safari stack (e.g., WebKit in macOS/iOS/iPadOS, and WebKitGTK/WebKitGTK-based ports). Exploitation involves processing malicious web content, potentially enabling arbitrary code execution. Apple’s fixes are in Safari ...
CVE-2022-32893
CVE-2022-32893 is an out-of-bounds write vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. The CVE is fixed in Apple products by updates: iOS 15.6.1 / iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. Connected advisories not...
CVE-2021-1879
CVE-2021-1879 affects Apple WebKit/WebKit-based parsing in iOS/iPadOS/watchOS (WebKit component). The issue is a cross-site scripting vulnerability triggered by processing malicious web content, potentially leading to universal XSS. Root cause: improved management of object lifetimes in WebKit/CS...
CVE-2020-9859
CVE-2020-9859 is an Apple kernel code execution vulnerability triggered by a memory consumption issue. Affected products include iOS 13.5.1/iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6. Root cause: memory handling flaw that could allow an application t...
CVE-2023-32367
CVE-2023-32367: Apple documents an entitlement-related issue where an app may access user-sensitive data. The vulnerability is mitigated in iOS 16.5 and iPadOS 16.5, and macOS Ventura 13.4 (Patch/UPDATE_REQUIRED). No exploitation details are provided in the connected documents; remediation is to ...
CVE-2022-22587
CVE-2022-22587 is an Apple IOMobileFrameBuffer memory corruption vulnerability that could allow code execution with kernel privileges. The issue is cited as fixed in iOS 15.3, iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2. Apple’s advisory notes a report that it may have been activel...
CVE-2020-27950
CVE-2020-27950 is a memory initialization issue in Apple’s XNU kernel that could allow a malicious app to disclose kernel memory. The CVE is fixed in multiple Apple updates: macOS Big Sur 11.0.1, iOS 14.2/iPadOS 14.2, watchOS 7.1, watchOS 6.2.9, and Security Updates for macOS Catalina 10.15.7 (Su...
CVE-2021-30869
CVE-2021-30869 is a type confusion vulnerability in Apple’s XNU kernel that may allow a malicious application to execute arbitrary code with kernel privileges. The issue affects iOS/iPadOS and macOS (XNU IPC-related code) and was observed in-the-wild in conjunction with WebKit-related flaws; expl...
CVE-2023-37450
CVE-2023-37450 is a WebKit/WebKitGTK-related vulnerability where processing web content may lead to arbitrary code execution. Apple’s documentation states the issue was addressed with improved checks and memory handling, with fixes in iOS 16.6 / iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventur...
CVE-2023-23529
CVE-2023-23529 is a type confusion vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. Apple’s advisory covers iOS/iPadOS/macOS/Safari patches (iOS 15.7.4, 16.3.1, macOS Ventura 13.2.1, Safari 16.3) and notes active exploitation repor...
CVE-2020-27932
CVE-2020-27932 is a kernel-type-confusion issue in Apple’s XNU (mach turnstiles) that could allow a malicious app to execute code with kernel privileges. Connected sources confirm the root cause as a type confusion in kernel IPC machinery and note exploitation in-the-wild only in a macOS/iOS/macO...
CVE-2021-1782
CVE-2021-1782 is an iOS/XNU in-the-wild vulnerability in the IPC vouchers subsystem. Project Zero details a race window around user_data handling: an non-atomic increment of e_made in a user_data_value_element can desynchronize with ivace->ivace_made, enabling a race between releasing and revi...
CVE-2021-30807
CVE-2021-30807 is a memory-corruption flaw in Apple’s IOMobileFrameBuffer kernel extension that can allow an app to execute arbitrary code with kernel privileges. The issue affects iOS, iPadOS, macOS (and watchOS via related advisories) and is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS ...
CVE-2021-30883
CVE-2021-30883 is an memory-corruption vulnerability in Apple’s IOMobileFrameBuffer that can allow a malicious app to execute arbitrary code with kernel privileges. Apple patched it across iOS/iPadOS 14.8.1 and 15.0.2, macOS Big Sur 11.6.1 and Monterey 12.0.1, tvOS 15.1, and watchOS 8.1. The Appl...
CVE-2022-32917
CVE-2022-32917 is a kernel-level remote code execution risk in Apple OSes addressed by fixes that implement improved bounds checks. Affected: macOS Big Sur 11.7, macOS Monterey 12.6, iOS 15.7, iPadOS 15.7, iOS 16. The issue allowed an application to execute arbitrary code with kernel privileges a...
CVE-2020-27930
CVE-2020-27930 is a memory corruption vulnerability in font parsing that can lead to arbitrary code execution when processing a malicious font. Affected Apple software includes macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, watchOS 7.1, and corresponding Security Updates (e.g., High Sierra/Mojave)....
CVE-2020-9818
CVE-2020-9818 describes an out‑of‑bounds write in the Mail component of Apple iOS/iPadOS/watchOS. Affected versions: iOS 13.5 and iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. Root cause: improved bounds checking in handling of malicious mail messages may prevent memory corruption. Impact as stated...
CVE-2020-9819
CVE-2020-9819 is a memory consumption issue in Apple’s Mail processing that can lead to heap corruption when handling a maliciously crafted mail message. Public sources confirm the vulnerability affects Apple platforms and was fixed in specific updates: iOS 13.5, iPadOS 13.5, iOS 12.4.7, watchOS ...
CVE-2023-27930
CVE-2023-27930 is a kernel-level type confusion vulnerability addressed by Apple in iOS 16.5 / iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. The issue allows an app to potentially execute arbitrary code with kernel privileges due to a type confusion in the kernel; Apple notes impro...
CVE-2023-32434
CVE-2023-32434 is an Apple kernel vulnerability in the XNU VM layer causing an integer overflow that could allow an app to execute code with kernel privileges. Public documentation confirms fixed in multiple OS versions (watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 / iPadOS 15.7.7, macOS Monte...
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...
CVE-2022-42856
CVE-2022-42856 is a type-confusion vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. The connected documents confirm impact across WebKit-based products, including Apple WebKit (Safari) and WebKitGTK, with fixes in Safari 16.2, macO...
CVE-2020-3837
CVE-2020-3837 is an Apple memory-corruption issue fixed in iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2, with potential to run arbitrary code with kernel privileges. Connected analysis documents reveal concrete Android exploitation research tied to this CVE fa...
CVE-2022-32894
CVE-2022-32894 is an out-of-bounds write in Apple’s kernel code that could allow arbitrary code execution with kernel privileges. Affected products include iOS/iPadOS/macOS kernel components (macOS Big Sur and newer). The issue was fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, wi...
CVE-2022-42827
CVE-2022-42827 is an Apple kernel out-of-bounds write vulnerability. It affects iOS/iPadOS; exploit could allow arbitrary code execution with kernel privileges. Fixed in iOS 15.7.1/iPadOS 15.7.1 and iOS 16.x/iPadOS 16.x. Some sources indicate active exploitation; update to patched releases is rec...