Lucene search

K

1889 matches found

CVE
CVE
added 2017/02/20 8:59 a.m.48 views

CVE-2016-4665

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.

4.3CVSS4AI score0.00228EPSS
CVE
CVE
added 2017/12/25 9:29 p.m.48 views

CVE-2017-13903

An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch...

7.5CVSS6.3AI score0.00573EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.48 views

CVE-2017-2507

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00265EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.48 views

CVE-2017-6998

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.48 views

CVE-2018-4282

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.

5.5CVSS5.7AI score0.00068EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.48 views

CVE-2018-4313

A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

5.5CVSS6.1AI score0.00068EPSS
CVE
CVE
added 2023/09/06 2:15 a.m.48 views

CVE-2023-32432

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

5.5CVSS4.9AI score0.00041EPSS
CVE
CVE
added 2024/11/01 9:15 p.m.48 views

CVE-2024-44232

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

6.5CVSS5.7AI score0.00113EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.48 views

CVE-2024-44297

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.

6.5CVSS5.4AI score0.00409EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.48 views

CVE-2024-54517

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

7.8CVSS5.7AI score0.00033EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.48 views

CVE-2025-31239

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

4.3CVSS5.8AI score0.00089EPSS
CVE
CVE
added 2013/12/18 4:4 p.m.47 views

CVE-2013-5225

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.47 views

CVE-2014-1279

Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.

2.1CVSS5.1AI score0.00056EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.47 views

CVE-2014-1367

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.47 views

CVE-2014-4480

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

10CVSS5.7AI score0.01934EPSS
CVE
CVE
added 2015/03/12 10:59 a.m.47 views

CVE-2015-1062

MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.

5CVSS5.7AI score0.00336EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.47 views

CVE-2015-7053

ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8CVSS9AI score0.03398EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.47 views

CVE-2015-7055

AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.00623EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.47 views

CVE-2015-7066

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.

6.8CVSS9.1AI score0.01234EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.47 views

CVE-2015-7073

Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.

6.8CVSS9.2AI score0.03398EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.47 views

CVE-2016-1751

The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.

7.8CVSS7.3AI score0.00233EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.47 views

CVE-2016-1813

The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3CVSS7.7AI score0.03537EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.47 views

CVE-2017-2523

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial...

9.8CVSS8.8AI score0.13046EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.47 views

CVE-2021-30944

Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging.

5.5CVSS5.3AI score0.00264EPSS
CVE
CVE
added 2023/06/23 6:15 p.m.47 views

CVE-2023-32403

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location informatio...

5.5CVSS5.5AI score0.00023EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.47 views

CVE-2023-40456

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.

3.3CVSS2.8AI score0.0003EPSS
CVE
CVE
added 2013/12/18 4:4 p.m.46 views

CVE-2013-5196

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.46 views

CVE-2014-1356

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.

10CVSS7.3AI score0.03252EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.46 views

CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

9.3CVSS4.2AI score0.0186EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.46 views

CVE-2014-4484

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

7.5CVSS5.1AI score0.03229EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.46 views

CVE-2014-4495

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

10CVSS2.8AI score0.00834EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.46 views

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

6.8CVSS7.7AI score0.0091EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.46 views

CVE-2015-7045

Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.

5CVSS8AI score0.00336EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.46 views

CVE-2016-1775

TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

9.3CVSS7.4AI score0.00736EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.46 views

CVE-2016-1783

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.9AI score0.01662EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.46 views

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01328EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.46 views

CVE-2016-4626

IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.8CVSS7.6AI score0.00053EPSS
CVE
CVE
added 2017/04/20 5:59 p.m.46 views

CVE-2016-4650

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00279EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.46 views

CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted ar...

5.5CVSS5.3AI score0.00633EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.46 views

CVE-2017-6994

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS
CVE
CVE
added 2024/01/23 1:15 a.m.46 views

CVE-2023-40528

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.

5.5CVSS6AI score0.00006EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.46 views

CVE-2024-44198

An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5CVSS6.6AI score0.00036EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.46 views

CVE-2024-54494

A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be w...

5.9CVSS5.7AI score0.00148EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.46 views

CVE-2025-31222

A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.

7.8CVSS5.6AI score0.00019EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.45 views

CVE-2011-0162

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

7.8CVSS5.9AI score0.01975EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.45 views

CVE-2011-1418

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

5CVSS5.9AI score0.00388EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.45 views

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

5.8CVSS5.7AI score0.00222EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.45 views

CVE-2014-1368

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.45 views

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.6AI score0.01019EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.45 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.

4.3CVSS7.4AI score0.02365EPSS
Total number of security vulnerabilities1889