Lucene search

K

1896 matches found

cve
cve
added 2019/04/03 6:29 p.m.61 views

CVE-2018-4271

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

6.5CVSS7.4AI score0.00333EPSS
cve
cve
added 2019/12/18 6:15 p.m.61 views

CVE-2019-8593

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.3AI score0.00384EPSS
cve
cve
added 2019/12/18 6:15 p.m.61 views

CVE-2019-8704

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.

5.5CVSS6AI score0.00047EPSS
cve
cve
added 2021/04/02 6:15 p.m.61 views

CVE-2020-29624

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a m...

7.8CVSS7.9AI score0.00395EPSS
cve
cve
added 2020/04/01 6:15 p.m.61 views

CVE-2020-9768

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.

9.3CVSS7.9AI score0.00477EPSS
cve
cve
added 2020/10/22 7:15 p.m.61 views

CVE-2020-9901

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.

7.8CVSS7AI score0.00147EPSS
cve
cve
added 2021/09/08 3:15 p.m.61 views

CVE-2021-1836

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.

5.5CVSS5.6AI score0.00037EPSS
cve
cve
added 2023/09/27 3:19 p.m.61 views

CVE-2023-40419

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.

7.8CVSS6.6AI score0.00024EPSS
cve
cve
added 2023/09/27 3:19 p.m.61 views

CVE-2023-40429

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

5.5CVSS4.9AI score0.00057EPSS
cve
cve
added 2024/07/29 11:15 p.m.61 views

CVE-2024-27823

A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spo...

5.9CVSS5.6AI score0.00267EPSS
cve
cve
added 2025/03/31 11:15 p.m.61 views

CVE-2025-24178

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

9.8CVSS5.8AI score0.00055EPSS
cve
cve
added 2025/03/31 11:15 p.m.61 views

CVE-2025-31183

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

9.8CVSS5.4AI score0.00051EPSS
cve
cve
added 2013/01/29 5:58 a.m.60 views

CVE-2013-0964

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

3.6CVSS5.4AI score0.00063EPSS
cve
cve
added 2014/09/18 10:55 a.m.60 views

CVE-2014-4364

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

5.6CVSS5.5AI score0.00498EPSS
cve
cve
added 2014/09/18 10:55 a.m.60 views

CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

5.8CVSS5.8AI score0.0208EPSS
cve
cve
added 2014/09/18 10:55 a.m.60 views

CVE-2014-4420

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS
cve
cve
added 2014/12/10 9:59 p.m.60 views

CVE-2014-4471

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS
cve
cve
added 2015/01/30 11:59 a.m.60 views

CVE-2014-4496

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.4AI score0.00664EPSS
cve
cve
added 2015/03/18 10:59 p.m.60 views

CVE-2015-1074

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS7.8AI score0.00787EPSS
cve
cve
added 2015/03/18 10:59 p.m.60 views

CVE-2015-1078

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS7.8AI score0.00913EPSS
cve
cve
added 2015/03/18 10:59 p.m.60 views

CVE-2015-1083

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS7.8AI score0.00861EPSS
cve
cve
added 2015/12/11 11:59 a.m.60 views

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

4.3CVSS7.6AI score0.01078EPSS
cve
cve
added 2015/12/11 11:59 a.m.60 views

CVE-2015-7083

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.

7.2CVSS7.9AI score0.00335EPSS
cve
cve
added 2015/12/11 11:59 a.m.60 views

CVE-2015-7102

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS
cve
cve
added 2016/02/01 11:59 a.m.60 views

CVE-2016-1727

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

9.3CVSS7.7AI score0.01025EPSS
cve
cve
added 2016/09/25 11:0 a.m.60 views

CVE-2016-4777

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.

9.3CVSS8.2AI score0.00263EPSS
cve
cve
added 2017/05/22 5:29 a.m.60 views

CVE-2017-2530

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a ...

8.8CVSS8AI score0.00658EPSS
cve
cve
added 2017/05/22 5:29 a.m.60 views

CVE-2017-2549

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly in...

6.1CVSS5.8AI score0.00429EPSS
cve
cve
added 2019/04/03 6:29 p.m.60 views

CVE-2018-4269

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

8.6CVSS6.3AI score0.00305EPSS
cve
cve
added 2020/04/01 6:15 p.m.60 views

CVE-2020-3914

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.

5.5CVSS5.4AI score0.003EPSS
cve
cve
added 2022/11/01 8:15 p.m.60 views

CVE-2022-32881

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system.

5.5CVSS5.6AI score0.00038EPSS
cve
cve
added 2023/06/23 6:15 p.m.60 views

CVE-2023-28191

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

5.5CVSS5.6AI score0.00009EPSS
cve
cve
added 2023/06/23 6:15 p.m.60 views

CVE-2023-32372

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.

5.5CVSS4.5AI score0.00031EPSS
cve
cve
added 2023/09/27 3:19 p.m.60 views

CVE-2023-40412

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00036EPSS
cve
cve
added 2023/12/12 1:15 a.m.60 views

CVE-2023-42898

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.

5.5CVSS6AI score0.00027EPSS
cve
cve
added 2024/07/29 11:15 p.m.60 views

CVE-2024-40799

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may l...

7.1CVSS5.8AI score0.00054EPSS
cve
cve
added 2025/03/31 11:15 p.m.60 views

CVE-2025-24214

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

5.5CVSS5.4AI score0.00011EPSS
cve
cve
added 2025/03/31 11:15 p.m.60 views

CVE-2025-24243

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.

7.8CVSS6.9AI score0.00014EPSS
cve
cve
added 2025/03/31 11:15 p.m.60 views

CVE-2025-30454

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.

5.5CVSS5.2AI score0.00011EPSS
cve
cve
added 2014/03/14 10:55 a.m.59 views

CVE-2014-1290

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293...

6.8CVSS7.7AI score0.01795EPSS
cve
cve
added 2014/03/14 10:55 a.m.59 views

CVE-2014-1291

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293...

6.8CVSS7.7AI score0.01795EPSS
cve
cve
added 2014/03/14 10:55 a.m.59 views

CVE-2014-1293

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292...

6.8CVSS7.7AI score0.01795EPSS
cve
cve
added 2014/12/10 9:59 p.m.59 views

CVE-2014-4468

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS
cve
cve
added 2015/03/18 10:59 p.m.59 views

CVE-2015-1076

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00805EPSS
cve
cve
added 2015/04/10 2:59 p.m.59 views

CVE-2015-1101

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9CVSS7AI score0.00071EPSS
cve
cve
added 2015/12/11 11:59 a.m.59 views

CVE-2015-7040

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS
cve
cve
added 2015/12/11 11:59 a.m.59 views

CVE-2015-7084

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.

7.2CVSS7.9AI score0.00335EPSS
cve
cve
added 2016/03/24 1:59 a.m.59 views

CVE-2016-1753

Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.8AI score0.00362EPSS
cve
cve
added 2016/09/25 10:59 a.m.59 views

CVE-2016-4702

Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS9.2AI score0.14118EPSS
cve
cve
added 2016/09/25 10:59 a.m.59 views

CVE-2016-4718

Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.

6.5CVSS6.5AI score0.0232EPSS
Total number of security vulnerabilities1896