Lucene search

K
AppleIphone Os

3721 matches found

CVE
CVE
added 2017/02/20 8:59 a.m.51 views

CVE-2016-7613

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a cr...

9.3CVSS7.1AI score0.00157EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.51 views

CVE-2016-7615

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.

5.5CVSS4.9AI score0.00049EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.51 views

CVE-2016-7627

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via ...

6.5CVSS5.6AI score0.00498EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.51 views

CVE-2016-7658

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appl...

8.8CVSS7.8AI score0.00885EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.51 views

CVE-2016-7667

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.

7.5CVSS5.8AI score0.00628EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.51 views

CVE-2017-2384

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode.

3.3CVSS4.5AI score0.00053EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.51 views

CVE-2017-2526

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8AI score0.00752EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.51 views

CVE-2017-7003

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application cra...

5.5CVSS5.6AI score0.00277EPSS
CVE
CVE
added 2017/10/23 1:29 a.m.51 views

CVE-2017-7140

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.

5.3CVSS5.1AI score0.00208EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.51 views

CVE-2018-4082

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or c...

9.3CVSS8.1AI score0.00187EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.51 views

CVE-2018-4305

An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

6.5CVSS6.8AI score0.00087EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.51 views

CVE-2018-4363

An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

7.1CVSS6.2AI score0.00247EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.51 views

CVE-2018-4431

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

5.5CVSS5.5AI score0.0209EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.51 views

CVE-2018-4436

A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.

7.5CVSS7AI score0.00126EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.51 views

CVE-2019-8538

A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service.

5.5CVSS5.5AI score0.00196EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.51 views

CVE-2019-8727

A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.1AI score0.00351EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.51 views

CVE-2020-9964

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.

5.5CVSS5AI score0.00117EPSS
CVE
CVE
added 2021/09/08 3:15 p.m.51 views

CVE-2021-1838

This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.4AI score0.00418EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.51 views

CVE-2021-31007

Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.

5.5CVSS5.3AI score0.00133EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.51 views

CVE-2022-32867

This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.

2.4CVSS3.9AI score0.00095EPSS
CVE
CVE
added 2023/09/06 2:15 a.m.51 views

CVE-2023-34352

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

5.3CVSS4.8AI score0.00208EPSS
CVE
CVE
added 2023/09/06 9:15 p.m.51 views

CVE-2023-38605

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.

3.3CVSS4AI score0.0008EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.51 views

CVE-2023-40409

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00036EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.51 views

CVE-2023-41174

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.1AI score0.00038EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.51 views

CVE-2023-42862

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.

6.5CVSS5.7AI score0.00252EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.51 views

CVE-2024-40857

This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS5.7AI score0.00205EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.51 views

CVE-2024-44155

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.

6.5CVSS5.4AI score0.00121EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.51 views

CVE-2024-54497

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.

6.5CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2025/03/21 12:15 a.m.51 views

CVE-2024-54564

This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.

6.5CVSS6AI score0.00071EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.51 views

CVE-2025-24193

This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.

2.4CVSS5.7AI score0.00026EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.51 views

CVE-2025-24194

A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may result in the disclosure of process memory.

6.5CVSS5.4AI score0.00059EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.51 views

CVE-2025-24221

This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup.

7.5CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.51 views

CVE-2025-24283

A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

5.5CVSS5.4AI score0.0002EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.51 views

CVE-2025-31228

The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.

6.8CVSS5.2AI score0.00043EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.50 views

CVE-2009-1701

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a docu...

9.3CVSS8.7AI score0.09717EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.50 views

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sens...

4.3CVSS7.8AI score0.00823EPSS
CVE
CVE
added 2010/11/26 8:0 p.m.50 views

CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-...

5.8CVSS7.8AI score0.00848EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.50 views

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS8.3AI score0.00423EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.50 views

CVE-2011-0163

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3CVSS7.9AI score0.01049EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.50 views

CVE-2011-2805

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.

6.8CVSS6.5AI score0.00575EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.50 views

CVE-2011-2845

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

4.3CVSS6.1AI score0.0053EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.50 views

CVE-2011-3434

The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

4.3CVSS5.1AI score0.00493EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.50 views

CVE-2011-3887

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

5CVSS6.2AI score0.00515EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.50 views

CVE-2011-3909

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

5CVSS6AI score0.0234EPSS
CVE
CVE
added 2012/01/24 4:3 a.m.50 views

CVE-2011-3924

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

7.5CVSS7AI score0.0234EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.50 views

CVE-2012-0602

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.50 views

CVE-2012-0628

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2012/08/06 3:55 p.m.50 views

CVE-2012-2857

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c...

6.8CVSS7AI score0.01383EPSS
CVE
CVE
added 2013/05/20 2:44 p.m.50 views

CVE-2013-1002

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
CVE
CVE
added 2013/05/20 2:44 p.m.50 views

CVE-2013-1008

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
Total number of security vulnerabilities3721