Lucene search

K

1896 matches found

CVE
CVE
added 2017/04/02 1:59 a.m.67 views

CVE-2017-2428

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspec...

9.8CVSS7.3AI score0.00733EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.67 views

CVE-2017-2451

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cause...

9.3CVSS8.1AI score0.00488EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.67 views

CVE-2017-2505

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.00958EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.67 views

CVE-2017-2536

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.10876EPSS
Web
CVE
CVE
added 2017/07/20 4:29 p.m.67 views

CVE-2017-7062

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or c...

9.8CVSS8.6AI score0.02108EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.67 views

CVE-2018-4409

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.5CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.67 views

CVE-2019-8556

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.7AI score0.00758EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.67 views

CVE-2019-8712

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.

10CVSS8.8AI score0.00988EPSS
CVE
CVE
added 2021/04/02 6:15 p.m.67 views

CVE-2020-27923

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead...

7.8CVSS7.8AI score0.00482EPSS
CVE
CVE
added 2021/04/02 6:15 p.m.67 views

CVE-2020-29615

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service...

5.5CVSS5.5AI score0.00341EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.67 views

CVE-2020-9888

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8CVSS8AI score0.00462EPSS
CVE
CVE
added 2020/10/22 7:15 p.m.67 views

CVE-2020-9904

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8AI score0.00456EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.67 views

CVE-2020-9909

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

5.9CVSS6.4AI score0.00771EPSS
CVE
CVE
added 2021/10/28 7:15 p.m.67 views

CVE-2021-30840

This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

7.8CVSS7.8AI score0.00376EPSS
CVE
CVE
added 2023/06/23 6:15 p.m.67 views

CVE-2023-32384

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.

7.8CVSS8.3AI score0.00049EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.67 views

CVE-2023-41063

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.2AI score0.00036EPSS
CVE
CVE
added 2024/03/28 4:15 p.m.67 views

CVE-2023-42947

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.

8.6CVSS7.1AI score0.00045EPSS
CVE
CVE
added 2024/06/10 9:15 p.m.67 views

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination...

7.8CVSS7.2AI score0.00043EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.67 views

CVE-2025-30447

The issue was resolved by sanitizing logging This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

5.5CVSS5.8AI score0.00011EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.66 views

CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS7.8AI score0.11335EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.66 views

CVE-2014-4477

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS
CVE
CVE
added 2015/03/18 10:59 p.m.66 views

CVE-2015-1077

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00913EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.66 views

CVE-2015-1100

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

5.4CVSS6.1AI score0.00252EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.66 views

CVE-2016-1856

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.66 views

CVE-2017-13797

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS8.7AI score0.1598EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.66 views

CVE-2017-13873

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary app...

4.3CVSS4.8AI score0.00335EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.66 views

CVE-2017-2432

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of servi...

7.8CVSS8.6AI score0.00905EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.66 views

CVE-2017-2450

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial o...

7.1CVSS6.8AI score0.00614EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.66 views

CVE-2017-2461

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption)...

7.5CVSS6.9AI score0.02076EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.66 views

CVE-2017-2463

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

8.8CVSS8.6AI score0.00723EPSS
CVE
CVE
added 2017/07/20 4:29 p.m.66 views

CVE-2017-7009

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context...

9.3CVSS8.1AI score0.00183EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.66 views

CVE-2018-4336

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.00185EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.66 views

CVE-2018-4427

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006.

9.3CVSS7.2AI score0.00185EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.66 views

CVE-2019-8582

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may r...

5.5CVSS5.8AI score0.00296EPSS
CVE
CVE
added 2020/12/08 8:15 p.m.66 views

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

7.8CVSS6.4AI score0.00288EPSS
CVE
CVE
added 2021/04/02 6:15 p.m.66 views

CVE-2020-27899

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.

7.8CVSS6.6AI score0.00149EPSS
CVE
CVE
added 2020/06/09 5:15 p.m.66 views

CVE-2020-9793

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

9.3CVSS7.6AI score0.01193EPSS
CVE
CVE
added 2020/10/22 7:15 p.m.66 views

CVE-2020-9902

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.

7.1CVSS5.5AI score0.00328EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.66 views

CVE-2022-22585

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.

7.5CVSS7AI score0.00572EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.66 views

CVE-2022-42811

An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.

5.5CVSS5.8AI score0.00064EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.66 views

CVE-2023-40452

The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.

7.1CVSS6.1AI score0.00021EPSS
CVE
CVE
added 2024/06/10 9:15 p.m.66 views

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

6.5CVSS5.8AI score0.00224EPSS
CVE
CVE
added 2024/06/10 9:15 p.m.66 views

CVE-2024-27857

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

7.8CVSS7.2AI score0.0074EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.66 views

CVE-2025-30425

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

4.3CVSS5.7AI score0.00029EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.65 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8CVSS7.1AI score0.02966EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.65 views

CVE-2014-4476

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.65 views

CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4CVSS6AI score0.00072EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.65 views

CVE-2016-4688

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute ar...

8.8CVSS7.6AI score0.01334EPSS
CVE
CVE
added 2016/09/25 10:59 a.m.65 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS
CVE
CVE
added 2016/09/25 11:0 a.m.65 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS
Total number of security vulnerabilities1896