Lucene search

K

3624 matches found

cve
cve
added 2017/02/20 8:59 a.m.44 views

CVE-2016-4690

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.

6.8CVSS6.2AI score0.00108EPSS
cve
cve
added 2016/09/25 10:59 a.m.44 views

CVE-2016-4724

IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3CVSS8.3AI score0.00172EPSS
cve
cve
added 2016/09/18 10:59 p.m.44 views

CVE-2016-4746

The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.

5.3CVSS5.7AI score0.00456EPSS
cve
cve
added 2016/09/18 10:59 p.m.44 views

CVE-2016-4747

Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

4.3CVSS5.2AI score0.00171EPSS
cve
cve
added 2017/05/22 5:29 a.m.44 views

CVE-2017-6996

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS
cve
cve
added 2019/04/03 6:29 p.m.44 views

CVE-2018-4275

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.

8.6CVSS7.3AI score0.00255EPSS
cve
cve
added 2019/04/03 6:29 p.m.44 views

CVE-2018-4362

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.

6.5CVSS6.4AI score0.00222EPSS
cve
cve
added 2020/10/27 8:15 p.m.44 views

CVE-2019-7288

The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .

9.8CVSS7.3AI score0.00528EPSS
cve
cve
added 2019/12/18 6:15 p.m.44 views

CVE-2019-8617

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.

9.6CVSS7.3AI score0.00496EPSS
cve
cve
added 2020/04/01 6:15 p.m.44 views

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.

5.3CVSS5.5AI score0.00237EPSS
cve
cve
added 2021/09/08 3:15 p.m.44 views

CVE-2021-1862

Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.

2.4CVSS3.2AI score0.00057EPSS
cve
cve
added 2023/08/14 11:15 p.m.44 views

CVE-2022-46724

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.

2.4CVSS2.5AI score0.00069EPSS
cve
cve
added 2024/01/10 10:15 p.m.44 views

CVE-2023-38610

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory.

7.1CVSS6.6AI score0.00057EPSS
cve
cve
added 2025/04/11 3:15 p.m.44 views

CVE-2023-38614

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.

4.3CVSS5.6AI score0.00028EPSS
cve
cve
added 2024/01/10 10:15 p.m.44 views

CVE-2023-41069

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

5.5CVSS4.8AI score0.00079EPSS
cve
cve
added 2024/01/10 10:15 p.m.44 views

CVE-2023-42865

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.

6.5CVSS5.7AI score0.00252EPSS
cve
cve
added 2025/04/11 3:15 p.m.44 views

CVE-2023-42969

An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.

3.3CVSS5.9AI score0.00015EPSS
cve
cve
added 2024/07/29 11:15 p.m.44 views

CVE-2024-40833

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

6.2CVSS5.5AI score0.00053EPSS
cve
cve
added 2024/09/17 12:15 a.m.44 views

CVE-2024-44158

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent.

5.5CVSS5.9AI score0.00061EPSS
cve
cve
added 2024/12/12 2:15 a.m.44 views

CVE-2024-54494

A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be w...

5.9CVSS5.7AI score0.00095EPSS
cve
cve
added 2025/01/27 10:15 p.m.44 views

CVE-2025-24117

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.

5.5CVSS5.5AI score0.00019EPSS
cve
cve
added 2025/05/12 10:15 p.m.44 views

CVE-2025-30448

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

9.1CVSS5.8AI score0.00149EPSS
cve
cve
added 2025/05/12 10:15 p.m.44 views

CVE-2025-31239

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

3.3CVSS5.8AI score0.00017EPSS
cve
cve
added 2009/06/19 4:30 p.m.43 views

CVE-2009-1679

The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the inte...

2.1CVSS6.3AI score0.00067EPSS
cve
cve
added 2011/03/11 10:55 p.m.43 views

CVE-2011-1418

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

5CVSS5.9AI score0.00388EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0603

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0608

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

6.8CVSS7.8AI score0.01764EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0611

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0612

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0624

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0625

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
cve
cve
added 2012/03/08 10:55 p.m.43 views

CVE-2012-0629

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
cve
cve
added 2012/09/20 9:55 p.m.43 views

CVE-2012-3725

The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi netw...

3.3CVSS5.3AI score0.00144EPSS
cve
cve
added 2012/09/20 9:55 p.m.43 views

CVE-2012-3732

Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.

6.4CVSS5.8AI score0.00585EPSS
cve
cve
added 2013/01/29 5:58 a.m.43 views

CVE-2013-0954

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS
cve
cve
added 2013/01/29 5:58 a.m.43 views

CVE-2013-0955

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS
cve
cve
added 2013/11/18 2:55 a.m.43 views

CVE-2013-5193

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

4.7CVSS6AI score0.00048EPSS
cve
cve
added 2014/03/14 10:55 a.m.43 views

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

5.8CVSS5.7AI score0.00222EPSS
cve
cve
added 2014/03/14 10:55 a.m.43 views

CVE-2014-1276

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.

5CVSS5.7AI score0.00263EPSS
cve
cve
added 2014/09/18 10:55 a.m.43 views

CVE-2014-4352

Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

2.1CVSS5AI score0.00042EPSS
cve
cve
added 2014/09/18 10:55 a.m.43 views

CVE-2014-4367

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.

2.1CVSS5.8AI score0.00075EPSS
cve
cve
added 2014/11/18 11:59 a.m.43 views

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

2.1CVSS5.3AI score0.00063EPSS
cve
cve
added 2015/03/12 10:59 a.m.43 views

CVE-2015-1063

CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.

7.8CVSS6AI score0.00693EPSS
cve
cve
added 2015/04/10 2:59 p.m.43 views

CVE-2015-1114

The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

1.9CVSS5.6AI score0.00074EPSS
cve
cve
added 2015/04/10 2:59 p.m.43 views

CVE-2015-1123

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPL...

6.8CVSS7.9AI score0.02011EPSS
cve
cve
added 2015/08/17 12:0 a.m.43 views

CVE-2015-3805

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.

7.2CVSS7.3AI score0.00061EPSS
cve
cve
added 2015/09/18 11:0 a.m.43 views

CVE-2015-5848

IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00072EPSS
cve
cve
added 2015/09/18 12:0 p.m.43 views

CVE-2015-5898

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

2.1CVSS4.9AI score0.00041EPSS
cve
cve
added 2015/09/18 12:1 p.m.43 views

CVE-2015-5921

WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

4.3CVSS4.9AI score0.003EPSS
cve
cve
added 2016/02/01 11:59 a.m.43 views

CVE-2016-1721

The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS6.9AI score0.00182EPSS
Total number of security vulnerabilities3624