Lucene search

K

1889 matches found

CVE
CVE
added 2024/07/29 11:15 p.m.51 views

CVE-2024-27863

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.

5.5CVSS5.2AI score0.00013EPSS
CVE
CVE
added 2025/01/15 8:15 p.m.51 views

CVE-2024-40771

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privi...

8.4CVSS6.9AI score0.00054EPSS
CVE
CVE
added 2024/07/29 11:15 p.m.51 views

CVE-2024-40777

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

5.5CVSS5.8AI score0.00265EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.51 views

CVE-2024-44169

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.

8.1CVSS5.9AI score0.00109EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.51 views

CVE-2024-44183

A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.

5.5CVSS5.9AI score0.00059EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.51 views

CVE-2024-44225

A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges.

7.8CVSS5.9AI score0.00058EPSS
CVE
CVE
added 2024/12/20 1:15 a.m.51 views

CVE-2024-54538

A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.

7.5CVSS5.9AI score0.00699EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.51 views

CVE-2025-24144

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.

5.5CVSS4.9AI score0.00009EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.50 views

CVE-2014-1280

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.

7.1CVSS5.8AI score0.004EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.50 views

CVE-2014-1359

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

10CVSS6.9AI score0.01536EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.50 views

CVE-2014-4369

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

7.8CVSS5.8AI score0.01216EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.50 views

CVE-2014-4483

Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

6.8CVSS5.1AI score0.02074EPSS
CVE
CVE
added 2015/03/18 10:59 p.m.50 views

CVE-2015-1068

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00853EPSS
CVE
CVE
added 2015/03/18 10:59 p.m.50 views

CVE-2015-1073

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00787EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.50 views

CVE-2015-1097

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.50 views

CVE-2015-7065

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8CVSS9.1AI score0.01866EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.50 views

CVE-2015-7068

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

9.3CVSS8.5AI score0.04372EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.50 views

CVE-2016-1817

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE...

9.3CVSS7.6AI score0.04268EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.50 views

CVE-2018-4448

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-...

5.5CVSS4.8AI score0.00068EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.50 views

CVE-2021-31006

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.

5.5CVSS5.6AI score0.001EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.50 views

CVE-2023-28185

An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.

5.5CVSS6.2AI score0.00036EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.50 views

CVE-2024-44176

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.

5.5CVSS6AI score0.00047EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.50 views

CVE-2024-44285

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

8.4CVSS5.5AI score0.01469EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.50 views

CVE-2025-31233

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app term...

6.3CVSS5.4AI score0.0014EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.49 views

CVE-2014-1275

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

6.8CVSS7.9AI score0.01142EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.49 views

CVE-2014-1325

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.49 views

CVE-2014-1365

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.49 views

CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

7.1CVSS6.3AI score0.01872EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.49 views

CVE-2014-4411

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS
CVE
CVE
added 2016/02/01 11:59 a.m.49 views

CVE-2016-1720

IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7.1AI score0.00242EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.49 views

CVE-2016-1803

CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

7.8CVSS7.6AI score0.06656EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.49 views

CVE-2016-1807

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

5.1CVSS4.8AI score0.00125EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.49 views

CVE-2016-4584

The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.4AI score0.00768EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.49 views

CVE-2016-4632

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.5CVSS7.4AI score0.02619EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.49 views

CVE-2016-7579

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and o...

5.9CVSS5.3AI score0.00682EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.49 views

CVE-2017-6997

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS
CVE
CVE
added 2024/07/29 11:15 p.m.49 views

CVE-2024-40806

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may l...

5.5CVSS5.8AI score0.00029EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.49 views

CVE-2024-44282

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.

6.5CVSS5.2AI score0.00093EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.49 views

CVE-2025-31223

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

8CVSS5.8AI score0.00082EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.49 views

CVE-2025-31241

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

5.3CVSS6.1AI score0.00169EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.48 views

CVE-2014-1267

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.

5.8CVSS5.6AI score0.00222EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.48 views

CVE-2014-1272

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.

6.3CVSS5.7AI score0.00024EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.48 views

CVE-2014-4485

Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

7.5CVSS5.1AI score0.02977EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.48 views

CVE-2014-4486

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.7AI score0.01019EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.48 views

CVE-2014-4491

The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS2.9AI score0.00524EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.48 views

CVE-2015-1094

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS
CVE
CVE
added 2015/12/11 12:0 p.m.48 views

CVE-2015-7104

WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS8.8AI score0.01538EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.48 views

CVE-2016-1818

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE...

9.3CVSS7.6AI score0.04268EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.48 views

CVE-2016-1824

IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.

9.3CVSS7.6AI score0.03188EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.48 views

CVE-2016-1847

OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.00856EPSS
Total number of security vulnerabilities1889