Lucene search

K

3624 matches found

CVE
CVE
added 2025/03/31 11:15 p.m.45 views

CVE-2025-24095

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences.

7.6CVSS5.9AI score0.00044EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.45 views

CVE-2025-30436

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.

9.1CVSS6AI score0.00069EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.45 views

CVE-2025-31228

The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.

6.8CVSS5.2AI score0.00043EPSS
CVE
CVE
added 2010/11/26 8:0 p.m.44 views

CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

4.3CVSS5.6AI score0.00542EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.44 views

CVE-2011-0161

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

4.3CVSS8AI score0.00391EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.44 views

CVE-2011-0162

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

7.8CVSS5.9AI score0.01975EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.44 views

CVE-2011-1107

Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.

4.3CVSS8.1AI score0.00999EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2011-2870

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2011-2873

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0590

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

4.3CVSS4.9AI score0.00588EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0591

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0609

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0610

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0617

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0618

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0621

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0631

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0635

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.44 views

CVE-2012-0641

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

5CVSS5.2AI score0.00556EPSS
CVE
CVE
added 2012/09/13 10:30 a.m.44 views

CVE-2012-3701

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.44 views

CVE-2012-3737

The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.

2.1CVSS5.5AI score0.00068EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.44 views

CVE-2012-3743

The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.

5CVSS5AI score0.00421EPSS
CVE
CVE
added 2012/11/03 5:55 p.m.44 views

CVE-2012-3749

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.6AI score0.00498EPSS
CVE
CVE
added 2012/11/03 5:55 p.m.44 views

CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

3.6CVSS5.6AI score0.00073EPSS
CVE
CVE
added 2013/09/16 1:2 p.m.44 views

CVE-2013-1028

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

5.8CVSS5.3AI score0.0038EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.44 views

CVE-2013-1042

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.44 views

CVE-2013-5128

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.44 views

CVE-2013-5131

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5AI score0.0032EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.44 views

CVE-2013-5137

IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.

2.6CVSS5.9AI score0.00371EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.44 views

CVE-2013-5141

The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."

7.1CVSS5.6AI score0.00532EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.44 views

CVE-2014-1368

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.44 views

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.6AI score0.01019EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.44 views

CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

4.3CVSS7.5AI score0.65446EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.44 views

CVE-2015-3778

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.

3.3CVSS7.3AI score0.00351EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.44 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.

4.3CVSS7.4AI score0.02365EPSS
CVE
CVE
added 2015/08/17 12:1 a.m.44 views

CVE-2015-5781

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.

4.3CVSS7AI score0.00651EPSS
CVE
CVE
added 2015/11/22 3:59 a.m.44 views

CVE-2015-5859

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS5.3AI score0.0025EPSS
CVE
CVE
added 2015/10/23 10:59 a.m.44 views

CVE-2015-6979

GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.1AI score0.01466EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.44 views

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

6.8CVSS7.7AI score0.0091EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.44 views

CVE-2015-7053

ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8CVSS9AI score0.03398EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.44 views

CVE-2015-7066

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.

6.8CVSS9.1AI score0.01234EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.44 views

CVE-2015-7072

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.0101EPSS
CVE
CVE
added 2015/12/11 12:0 p.m.44 views

CVE-2015-7109

IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.9AI score0.00868EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.44 views

CVE-2016-1766

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

7.5CVSS6.6AI score0.00148EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.44 views

CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted ...

5.8CVSS5.6AI score0.00441EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.44 views

CVE-2016-1802

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

5.5CVSS5AI score0.00262EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.44 views

CVE-2016-1842

MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

7.5CVSS6.6AI score0.01282EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.44 views

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01579EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.44 views

CVE-2016-4664

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.

4.3CVSS4AI score0.00228EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.44 views

CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted ar...

5.5CVSS5.3AI score0.00633EPSS
Total number of security vulnerabilities3624