Lucene search
+L
AppleWatchos

1779 matches found

CVE
CVE
added 2024/02/21 6:41 a.m.6623 views

CVE-2023-42839

CVE-2023-42839 pertains to an Apple-wide issue fixed by improved state management. Affected products/environments include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. The vulnerability potentially allowed an app to access sensitive user data. Remediation is OS updates to...

6.2CVSS7AI score0.00197EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6612 views

CVE-2023-42878

CVE-2023-42878 is a privacy issue affecting Apple platforms (watchOS, macOS, iOS, iPadOS). The root problem is insufficient private data redaction in log entries, enabling an app to access sensitive user data. It is fixed in watchOS 10.1, macOS Sonoma 14.1, and iOS 17.1 / iPadOS 17.1. No exploita...

5.5CVSS7AI score0.00187EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6230 views

CVE-2023-42953

CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...

5.5CVSS7.2AI score0.00168EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6222 views

CVE-2023-42946

CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...

7.5CVSS7.1AI score0.00439EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6191 views

CVE-2023-42834

CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...

6.2CVSS7AI score0.00213EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6170 views

CVE-2023-42823

CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...

5.5CVSS7.1AI score0.00425EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.4509 views

CVE-2023-42942

CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....

7.8CVSS7AI score0.00387EPSS
CVE
CVE
added 2024/02/21 6:42 a.m.4485 views

CVE-2023-42848

CVE-2023-42848 affects Apple media/image processing components across multiple platforms. The issue causes heap corruption when processing a maliciously crafted image, addressed by updated bounds checks and fixes in: watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and 17.1, and iPadOS 16.7...

7.8CVSS6.9AI score0.00209EPSS
CVE
CVE
added 2024/05/13 11:0 p.m.2461 views

CVE-2024-27816

The CVE-2024-27816 entry affects tvOS 17.5 (Apple TV) via the AppleMobileFileIntegrity component. A logic issue was addressed with improved checks, with the impact that an attacker may be able to access user data. Apple’s security content indicates this fix is part of tvOS 17.5, and related Apple...

5.5CVSS7.1AI score0.00985EPSS
CVE
CVE
added 2020/12/08 9:11 p.m.2159 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

7.8CVSS8.6AI score0.01361EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.1867 views

CVE-2023-32373

CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...

8.8CVSS8.6AI score0.12172EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.1828 views

CVE-2023-28204

CVE-2023-28204 is an out-of-bounds read in WebKit caused by improper input handling while processing web content. It affects WebKit-based components and was fixed in multiple vendor advisories: Apple updates (watchOS/macOS/iOS/iPadOS/Safari) and WebKitGTK/WPE WebKit packages (e.g., webkitgtk4 2.3...

6.5CVSS6.6AI score0.14292EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.1696 views

CVE-2023-32409

CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...

8.6CVSS7.7AI score0.1653EPSS
In wild
CVE
CVE
added 2022/07/28 12:0 a.m.1669 views

CVE-2022-2294

CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...

8.8CVSS8.3AI score0.70461EPSS
In wild
CVE
CVE
added 2021/09/08 2:48 p.m.1509 views

CVE-2021-30661

CVE-2021-30661 is a use-after-free vulnerability in WebKit Storage that could lead to arbitrary code execution when processing malicious web content. Affected: WebKit/WebKitGTK/WebKit Storage components on Apple platforms (Safari/WebKit on macOS/iOS/iPadOS, and WebKitGTK implementations) as descr...

8.8CVSS9.1AI score0.04528EPSS
In wild
CVE
CVE
added 2021/04/02 6:1 p.m.1432 views

CVE-2021-1789

The CVE-2021-1789 entry refers to a type-confusion vulnerability in WebKitGTK and WebKit prior to 2.30.6 that could allow remote attackers to execute arbitrary code by processing malicious web content. Connected advisories (Arch Linux ASA-202103-24/ASA-202103-25 and ALAS/ALPINE entries) confirm t...

8.8CVSS8.6AI score0.14542EPSS
In wild
CVE
CVE
added 2020/07/22 4:16 p.m.1364 views

CVE-2020-6514

CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...

6.5CVSS7.3AI score0.0779EPSS
CVE
CVE
added 2022/05/26 5:44 p.m.1346 views

CVE-2022-22675

CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....

9.3CVSS8.2AI score0.12642EPSS
In wild
CVE
CVE
added 2021/03/26 8:48 p.m.1343 views

CVE-2020-7463

CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...

5.5CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2021/08/24 6:49 p.m.1309 views

CVE-2021-30860

CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...

7.8CVSS6.5AI score0.75994EPSS
In wild
CVE
CVE
added 2020/11/03 2:21 a.m.1292 views

CVE-2020-15969

CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...

8.8CVSS8.8AI score0.01705EPSS
CVE
CVE
added 2021/09/08 2:25 p.m.1278 views

CVE-2021-30665

CVE-2021-30665 is a memory corruption vulnerability in WebKitGTK/WebKit (before 2.32.3) that can lead to arbitrary code execution when processing malicious web content. It is listed in multiple advisories across WebKitGTK/WebKit and Apple platforms (watchOS/iOS/iPadOS/macOS/tvOS) with exploitatio...

8.8CVSS8.9AI score0.03692EPSS
In wild
CVE
CVE
added 2019/12/18 5:33 p.m.1258 views

CVE-2019-8506

CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...

9.3CVSS8.6AI score0.18108EPSS
In wild
CVE
CVE
added 2022/08/05 12:0 a.m.1235 views

CVE-2022-37434

CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...

9.8CVSS9.9AI score0.16004EPSS
CVE
CVE
added 2021/04/02 6:7 p.m.1170 views

CVE-2021-1879

CVE-2021-1879 affects Apple WebKit/WebKit-based parsing in iOS/iPadOS/watchOS (WebKit component). The issue is a cross-site scripting vulnerability triggered by processing malicious web content, potentially leading to universal XSS. Root cause: improved management of object lifetimes in WebKit/CS...

6.1CVSS6AI score0.07082EPSS
In wild
CVE
CVE
added 2020/06/05 2:40 p.m.1166 views

CVE-2020-9859

CVE-2020-9859 is an Apple kernel code execution vulnerability triggered by a memory consumption issue. Affected products include iOS 13.5.1/iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6. Root cause: memory handling flaw that could allow an application t...

7.8CVSS7.1AI score0.00829EPSS
In wild
CVE
CVE
added 2017/05/23 3:56 a.m.1156 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.05999EPSS
CVE
CVE
added 2020/12/08 8:17 p.m.1143 views

CVE-2020-27950

CVE-2020-27950 is a memory initialization issue in Apple’s XNU kernel that could allow a malicious app to disclose kernel memory. The CVE is fixed in multiple Apple updates: macOS Big Sur 11.0.1, iOS 14.2/iPadOS 14.2, watchOS 7.1, watchOS 6.2.9, and Security Updates for macOS Catalina 10.15.7 (Su...

7.1CVSS5.3AI score0.1652EPSS
In wild
CVE
CVE
added 2023/07/26 11:21 p.m.1123 views

CVE-2023-37450

CVE-2023-37450 is a WebKit/WebKitGTK-related vulnerability where processing web content may lead to arbitrary code execution. Apple’s documentation states the issue was addressed with improved checks and memory handling, with fixes in iOS 16.6 / iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventur...

8.8CVSS8.5AI score0.1895EPSS
In wild
CVE
CVE
added 2019/12/18 5:33 p.m.1108 views

CVE-2019-8605

CVE-2019-8605 is a use-after-free vulnerability in Apple’s XNU kernel (iOS, macOS, tvOS, watchOS) that could allow a malicious app to execute arbitrary code with system privileges. The initial description notes a use-after-free that was fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, and watc...

9.3CVSS7.5AI score0.17438EPSS
In wild
CVE
CVE
added 2020/12/08 8:13 p.m.1103 views

CVE-2020-27932

CVE-2020-27932 is a kernel-type-confusion issue in Apple’s XNU (mach turnstiles) that could allow a malicious app to execute code with kernel privileges. Connected sources confirm the root cause as a type confusion in kernel IPC machinery and note exploitation in-the-wild only in a macOS/iOS/macO...

9.3CVSS7.2AI score0.10337EPSS
In wild
CVE
CVE
added 2021/04/02 5:59 p.m.1102 views

CVE-2021-1782

CVE-2021-1782 is an iOS/XNU in-the-wild vulnerability in the IPC vouchers subsystem. Project Zero details a race window around user_data handling: an non-atomic increment of e_made in a user_data_value_element can desynchronize with ivace->ivace_made, enabling a race between releasing and revi...

7CVSS7AI score0.02222EPSS
In wild
CVE
CVE
added 2021/10/19 1:12 p.m.1102 views

CVE-2021-30807

CVE-2021-30807 is a memory-corruption flaw in Apple’s IOMobileFrameBuffer kernel extension that can allow an app to execute arbitrary code with kernel privileges. The issue affects iOS, iPadOS, macOS (and watchOS via related advisories) and is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS ...

9.3CVSS8AI score0.28839EPSS
In wild
CVE
CVE
added 2021/08/24 6:49 p.m.1100 views

CVE-2021-30883

CVE-2021-30883 is an memory-corruption vulnerability in Apple’s IOMobileFrameBuffer that can allow a malicious app to execute arbitrary code with kernel privileges. Apple patched it across iOS/iPadOS 14.8.1 and 15.0.2, macOS Big Sur 11.6.1 and Monterey 12.0.1, tvOS 15.1, and watchOS 8.1. The Appl...

9.3CVSS7.7AI score0.14721EPSS
In wild
CVE
CVE
added 2020/06/09 4:12 p.m.1073 views

CVE-2020-9818

CVE-2020-9818 describes an out‑of‑bounds write in the Mail component of Apple iOS/iPadOS/watchOS. Affected versions: iOS 13.5 and iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. Root cause: improved bounds checking in handling of malicious mail messages may prevent memory corruption. Impact as stated...

8.8CVSS7.6AI score0.02286EPSS
In wild
CVE
CVE
added 2020/12/08 8:17 p.m.1071 views

CVE-2020-27930

CVE-2020-27930 is a memory corruption vulnerability in font parsing that can lead to arbitrary code execution when processing a malicious font. Affected Apple software includes macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, watchOS 7.1, and corresponding Security Updates (e.g., High Sierra/Mojave)....

7.8CVSS7.6AI score0.22178EPSS
In wild
CVE
CVE
added 2020/06/09 4:12 p.m.1066 views

CVE-2020-9819

CVE-2020-9819 is a memory consumption issue in Apple’s Mail processing that can lead to heap corruption when handling a maliciously crafted mail message. Public sources confirm the vulnerability affects Apple platforms and was fixed in specific updates: iOS 13.5, iPadOS 13.5, iOS 12.4.7, watchOS ...

4.3CVSS5AI score0.02178EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.1040 views

CVE-2023-27930

CVE-2023-27930 is a kernel-level type confusion vulnerability addressed by Apple in iOS 16.5 / iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. The issue allows an app to potentially execute arbitrary code with kernel privileges due to a type confusion in the kernel; Apple notes impro...

7.8CVSS7.5AI score0.00482EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.997 views

CVE-2023-32434

CVE-2023-32434 is an Apple kernel vulnerability in the XNU VM layer causing an integer overflow that could allow an app to execute code with kernel privileges. Public documentation confirms fixed in multiple OS versions (watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 / iPadOS 15.7.7, macOS Monte...

7.8CVSS7.9AI score0.51517EPSS
In wild
CVE
CVE
added 2020/02/27 8:45 p.m.965 views

CVE-2020-3837

CVE-2020-3837 is an Apple memory-corruption issue fixed in iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2, with potential to run arbitrary code with kernel privileges. Connected analysis documents reveal concrete Android exploitation research tied to this CVE fa...

9.3CVSS7.5AI score0.16111EPSS
In wild
CVE
CVE
added 2022/08/24 12:0 a.m.937 views

CVE-2022-32894

CVE-2022-32894 is an out-of-bounds write in Apple’s kernel code that could allow arbitrary code execution with kernel privileges. Affected products include iOS/iPadOS/macOS kernel components (macOS Big Sur and newer). The issue was fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, wi...

7.8CVSS7.9AI score0.03259EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.934 views

CVE-2023-32417

This CVE (CVE-2023-32417) affects Apple Watch on watchOS prior to 9.5 and is resolved in watchOS 9.5. Description and Apple security content confirm that a user with physical access to a locked Apple Watch could view photos or contacts via accessibility features. The root issue is described as re...

2.4CVSS3.6AI score0.00287EPSS
CVE
CVE
added 2025/07/15 1:44 p.m.885 views

CVE-2025-6965

CVE-2025-6965 affects SQLite prior to 3.50.2, where the number of aggregate terms could exceed available columns, causing a memory corruption issue. The description in the Initial document notes upgrading to 3.50.2 or newer as the recommended fix. Connected documents corroborate the vulnerability...

7.7CVSS6.6AI score0.73495EPSS
CVE
CVE
added 2024/05/13 11:0 p.m.866 views

CVE-2024-27804

CVE-2024-27804 affects Apple platforms (iOS 17.5/iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5). The issue is described as improved memory handling that may allow an app to execute arbitrary code with kernel privileges. Affected component/behavior: memory handling in the kernel space. I...

8.1CVSS7.3AI score0.01325EPSS
CVE
CVE
added 2019/04/03 5:43 p.m.847 views

CVE-2018-4344

CVE-2018-4344 is a memory corruption issue often referred to as LightSpeed. The official entry notes a memory corruption in Apple OS components that was fixed with memory handling improvements, affecting iOS versions older than iOS 12, macOS Mojave 10.14, tvOS 12, and watchOS 5. Several connected...

9.3CVSS8.1AI score0.02939EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.827 views

CVE-2023-32388

CVE-2023-32388 affects Apple platforms (watchOS 9.5; macOS Ventura 13.4; macOS Big Sur 11.7.7; macOS Monterey 12.6.6; iOS 15.7.6 and iPadOS 15.7.6; iOS 16.5 and iPadOS 16.5). The issue is a privacy vulnerability where private data redaction in log entries could be bypassed, enabling an app to byp...

5.5CVSS5.7AI score0.00239EPSS
CVE
CVE
added 2021/08/24 6:51 p.m.784 views

CVE-2021-31010

CVE-2021-31010 is a sandbox-bypass vulnerability affecting Apple platforms, reported in Core Telephony on macOS Catalina. It involves a deserialization issue that may bypass sandbox restrictions. The issue is fixed in Security Update 2021-005 Catalina (and related updates for iOS 12.5.5, iOS 14.8...

7.5CVSS6.7AI score0.03673EPSS
In wild
CVE
CVE
added 2023/07/26 11:55 p.m.763 views

CVE-2023-38606

CVE-2023-38606 affects Apple’s kernel across iOS, iPadOS, macOS, tvOS and watchOS; the issue allows an app to modify a sensitive kernel state. The vulnerability was addressed with updated state management and patches, with fixes in macOS Monterey 12.6.8, iOS 15.7.8/iPadOS 15.7.8, iOS 16.6/iPadOS ...

5.5CVSS5.4AI score0.01002EPSS
In wild
CVE
CVE
added 2021/10/28 6:17 p.m.683 views

CVE-2021-30836

CVE-2021-30836 is an out-of-bounds read vulnerability in WebKitGTK/WebKitGTK-based WebKit, manifested while processing a malicious audio file. The root cause is an input-validation/bounds-check issue leading to memory disclosure. Affected products include WebKitGTK/WebKitGTK2, with multiple advis...

5.5CVSS5.8AI score0.01035EPSS
CVE
CVE
added 2014/01/21 6:0 p.m.682 views

CVE-2013-0340

CVE-2013-0340 concerns the expat XML parser. The issue arises from improper handling of XML entity expansion (XXE) unless an application enables XML_SetEntityDeclHandler. This can allow a remote attacker to cause denial of service (resource consumption), trigger requests to intranet endpoints, or...

6.8CVSS7.4AI score0.20093EPSS
Total number of security vulnerabilities1779