Lucene search

K

1889 matches found

cve
cve
added 2021/09/08 2:15 p.m.65 views

CVE-2021-30802

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.8AI score0.00492EPSS
cve
cve
added 2023/09/27 3:19 p.m.65 views

CVE-2023-40399

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.

5.5CVSS4.9AI score0.00022EPSS
cve
cve
added 2024/06/10 9:15 p.m.65 views

CVE-2024-27802

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected ap...

7.8CVSS7AI score0.00036EPSS
cve
cve
added 2024/06/10 9:15 p.m.65 views

CVE-2024-27815

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.2AI score0.17999EPSS
cve
cve
added 2025/04/29 3:15 a.m.65 views

CVE-2025-31202

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

5.5CVSS7.5AI score0.00009EPSS
cve
cve
added 2016/01/12 7:59 p.m.64 views

CVE-2015-8659

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

10CVSS7.2AI score0.02186EPSS
cve
cve
added 2016/05/20 11:0 a.m.64 views

CVE-2016-1857

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

8.8CVSS8.4AI score0.01359EPSS
cve
cve
added 2016/09/25 11:0 a.m.64 views

CVE-2016-4774

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS
cve
cve
added 2017/04/02 1:59 a.m.64 views

CVE-2017-2390

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory p...

5.5CVSS5.5AI score0.00086EPSS
cve
cve
added 2017/05/22 5:29 a.m.64 views

CVE-2017-2531

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.06379EPSS
cve
cve
added 2017/10/23 1:29 a.m.64 views

CVE-2017-7112

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory co...

10CVSS8.9AI score0.10946EPSS
cve
cve
added 2019/04/03 6:29 p.m.64 views

CVE-2018-4343

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.03814EPSS
cve
cve
added 2019/04/03 6:29 p.m.64 views

CVE-2018-4360

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS8.1AI score0.00704EPSS
cve
cve
added 2021/12/23 8:15 p.m.64 views

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8CVSS7.9AI score0.00868EPSS
cve
cve
added 2020/04/01 6:15 p.m.64 views

CVE-2020-3917

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.

5.5CVSS5.7AI score0.00063EPSS
cve
cve
added 2020/10/22 6:15 p.m.64 views

CVE-2020-3918

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

5.5CVSS5.3AI score0.00067EPSS
cve
cve
added 2020/12/08 8:15 p.m.64 views

CVE-2020-9972

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8AI score0.02321EPSS
cve
cve
added 2023/06/23 6:15 p.m.64 views

CVE-2023-32408

The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.

5.5CVSS5.5AI score0.00023EPSS
cve
cve
added 2023/09/27 3:19 p.m.64 views

CVE-2023-41071

A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00036EPSS
cve
cve
added 2024/06/10 9:15 p.m.64 views

CVE-2024-27801

The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.

8.4CVSS5.7AI score0.00055EPSS
cve
cve
added 2025/03/31 11:15 p.m.64 views

CVE-2025-24211

This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corru...

9.8CVSS5.8AI score0.00084EPSS
cve
cve
added 2025/03/31 11:15 p.m.64 views

CVE-2025-30429

A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

6.3CVSS5.6AI score0.00021EPSS
cve
cve
added 2014/09/18 10:55 a.m.63 views

CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

9.3CVSS8AI score0.01754EPSS
cve
cve
added 2014/12/10 9:59 p.m.63 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

5CVSS6.1AI score0.00977EPSS
cve
cve
added 2015/12/11 11:59 a.m.63 views

CVE-2015-7101

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS
cve
cve
added 2016/07/22 2:59 a.m.63 views

CVE-2016-1863

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

7.8CVSS7.6AI score0.00181EPSS
cve
cve
added 2016/09/25 10:59 a.m.63 views

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.00262EPSS
cve
cve
added 2016/09/25 11:0 a.m.63 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS
cve
cve
added 2017/04/02 1:59 a.m.63 views

CVE-2017-2439

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial...

7.1CVSS6.8AI score0.00614EPSS
cve
cve
added 2019/04/03 6:29 p.m.63 views

CVE-2018-4271

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

6.5CVSS7.4AI score0.00737EPSS
cve
cve
added 2019/12/18 6:15 p.m.63 views

CVE-2019-8698

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

4.3CVSS4.5AI score0.00252EPSS
cve
cve
added 2020/10/27 8:15 p.m.63 views

CVE-2019-8753

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS6.1AI score0.00433EPSS
cve
cve
added 2020/10/16 5:15 p.m.63 views

CVE-2020-9933

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

4.3CVSS4.6AI score0.00216EPSS
cve
cve
added 2021/09/08 2:15 p.m.63 views

CVE-2021-30753

Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.

5.5CVSS5.4AI score0.00269EPSS
cve
cve
added 2022/11/01 8:15 p.m.63 views

CVE-2022-32879

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.

2.4CVSS4AI score0.00085EPSS
cve
cve
added 2022/11/01 8:15 p.m.63 views

CVE-2022-32913

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.

3.3CVSS4.8AI score0.00053EPSS
cve
cve
added 2022/11/01 8:15 p.m.63 views

CVE-2022-42810

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.

5.5CVSS5.8AI score0.00067EPSS
cve
cve
added 2023/09/27 3:19 p.m.63 views

CVE-2023-40420

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

6.5CVSS5.8AI score0.00167EPSS
cve
cve
added 2023/09/27 3:19 p.m.63 views

CVE-2023-40448

The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.

8.6CVSS7.4AI score0.01544EPSS
cve
cve
added 2023/09/27 3:19 p.m.63 views

CVE-2023-40454

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.

7.1CVSS6.1AI score0.00021EPSS
cve
cve
added 2023/09/27 3:19 p.m.63 views

CVE-2023-41065

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.

3.3CVSS3.7AI score0.00026EPSS
cve
cve
added 2024/03/28 4:15 p.m.63 views

CVE-2023-42893

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected ...

5.5CVSS5.8AI score0.00014EPSS
cve
cve
added 2024/01/23 1:15 a.m.63 views

CVE-2024-23215

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.

5.5CVSS5.3AI score0.00023EPSS
cve
cve
added 2024/01/23 1:15 a.m.63 views

CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the ...

5.9CVSS5.7AI score0.00172EPSS
cve
cve
added 2024/07/29 11:15 p.m.63 views

CVE-2024-27884

This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.

5.5CVSS5.8AI score0.00015EPSS
cve
cve
added 2024/07/29 11:15 p.m.63 views

CVE-2024-40785

This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS5.3AI score0.00262EPSS
cve
cve
added 2024/07/29 11:15 p.m.63 views

CVE-2024-40795

This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information.

3.3CVSS5.5AI score0.00016EPSS
cve
cve
added 2025/01/27 10:15 p.m.63 views

CVE-2025-24086

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.

5.5CVSS5.8AI score0.00025EPSS
cve
cve
added 2025/03/31 11:15 p.m.63 views

CVE-2025-24238

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.

9.8CVSS5.9AI score0.00096EPSS
cve
cve
added 2025/04/29 3:15 a.m.63 views

CVE-2025-31203

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

6.5CVSS7.8AI score0.00023EPSS
Total number of security vulnerabilities1889