Lucene search

K

3624 matches found

CVE
CVE
added 2019/04/03 6:29 p.m.40 views

CVE-2018-4439

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

6.5CVSS6.6AI score0.00344EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.40 views

CVE-2018-4444

A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.3AI score0.00457EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.40 views

CVE-2023-42831

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.

5.5CVSS5.4AI score0.00077EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.40 views

CVE-2024-40840

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.

4.6CVSS5.7AI score0.00059EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.40 views

CVE-2024-44180

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

2.4CVSS5.5AI score0.0005EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.40 views

CVE-2024-44218

This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to heap corruption.

7.8CVSS5.4AI score0.00021EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.40 views

CVE-2024-44239

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive k...

5.5CVSS4.7AI score0.00037EPSS
CVE
CVE
added 2025/03/10 7:15 p.m.40 views

CVE-2024-54469

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.

5.5CVSS5.2AI score0.00015EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.40 views

CVE-2025-24111

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

5.5CVSS5.9AI score0.00012EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.40 views

CVE-2025-31234

The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

8.2CVSS5.7AI score0.00066EPSS
CVE
CVE
added 2010/06/22 8:30 p.m.39 views

CVE-2010-1751

Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.

5CVSS5.6AI score0.00512EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.39 views

CVE-2012-0607

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3728

The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.

6.9CVSS5.5AI score0.00048EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3731

Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

2.1CVSS5.5AI score0.00068EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3738

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact informatio...

3.6CVSS5.3AI score0.00066EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3740

The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

2.1CVSS5.5AI score0.00053EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3745

Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.

5CVSS6.1AI score0.00583EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3746

UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.

4.3CVSS5.4AI score0.00335EPSS
CVE
CVE
added 2013/01/29 5:58 a.m.39 views

CVE-2013-0951

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS
CVE
CVE
added 2013/06/05 2:39 p.m.39 views

CVE-2013-3954

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive in...

6.9CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.39 views

CVE-2013-5126

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.39 views

CVE-2013-5133

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

8.8CVSS5.8AI score0.00559EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.39 views

CVE-2013-5144

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer derefe...

3.3CVSS6.1AI score0.00055EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.39 views

CVE-2013-5147

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.

3.7CVSS5.7AI score0.0048EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.39 views

CVE-2013-5157

The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.

5CVSS5.6AI score0.00291EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.39 views

CVE-2013-5158

The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.

2.1CVSS4.9AI score0.00068EPSS
CVE
CVE
added 2013/12/18 4:4 p.m.39 views

CVE-2013-5198

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.39 views

CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

1.9CVSS5.7AI score0.00067EPSS
CVE
CVE
added 2014/10/22 10:55 a.m.39 views

CVE-2014-4448

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

1.9CVSS5AI score0.00046EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.39 views

CVE-2015-1109

NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.

2.1CVSS5AI score0.0007EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.39 views

CVE-2015-1111

Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

5CVSS4.9AI score0.003EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.39 views

CVE-2015-1115

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.

4.4CVSS5.7AI score0.00056EPSS
CVE
CVE
added 2015/07/03 2:0 a.m.39 views

CVE-2015-3724

CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.

6.8CVSS7.5AI score0.01177EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.39 views

CVE-2015-5838

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.

4.3CVSS5.7AI score0.00224EPSS
CVE
CVE
added 2015/09/18 12:0 p.m.39 views

CVE-2015-5906

The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.

5CVSS6AI score0.00388EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.39 views

CVE-2015-5923

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2.1CVSS5.6AI score0.00068EPSS
CVE
CVE
added 2015/10/23 10:59 a.m.39 views

CVE-2015-7000

Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.

2.1CVSS5.1AI score0.00069EPSS
CVE
CVE
added 2015/10/23 10:59 a.m.39 views

CVE-2015-7004

The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.

7.1CVSS5.4AI score0.00529EPSS
CVE
CVE
added 2016/02/01 11:59 a.m.39 views

CVE-2016-1730

WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.

5.8CVSS5.8AI score0.00274EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.39 views

CVE-2016-4627

IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.8CVSS7.6AI score0.00106EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.39 views

CVE-2016-4689

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.

7.5CVSS5.7AI score0.00141EPSS
CVE
CVE
added 2016/09/25 11:0 a.m.39 views

CVE-2016-4771

The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.

5.5CVSS5.7AI score0.00208EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.39 views

CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.

6.8CVSS5.3AI score0.00075EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.39 views

CVE-2016-7634

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible.

4.6CVSS4.4AI score0.00069EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.39 views

CVE-2017-7113

An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.

5.5CVSS4.8AI score0.00069EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4327

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.

9.3CVSS7.1AI score0.15106EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4356

A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.

5.3CVSS5.9AI score0.00179EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4380

A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.

5.5CVSS4.8AI score0.0006EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4429

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.

6.5CVSS5.8AI score0.00222EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.39 views

CVE-2023-40438

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.

5.5CVSS4.8AI score0.00058EPSS
Total number of security vulnerabilities3624