Total
3661 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1287 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 7.2 HIGH | N/A |
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. | |||||
CVE-2015-1106 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | |||||
CVE-2015-1114 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 1.9 LOW | N/A |
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. | |||||
CVE-2015-1123 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. | |||||
CVE-2015-1129 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | |||||
CVE-2015-1101 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 6.9 MEDIUM | N/A |
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2015-1067 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 4.3 MEDIUM | N/A |
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. | |||||
CVE-2014-1345 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
CVE-2014-4485 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. | |||||
CVE-2014-4465 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. | |||||
CVE-2014-1348 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition. | |||||
CVE-2014-4488 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 10.0 HIGH | N/A |
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-1082 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | |||||
CVE-2014-4486 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 10.0 HIGH | N/A |
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2014-3192 | 3 Apple, Google, Redhat | 9 Iphone Os, Itunes, Safari and 6 more | 2024-02-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2014-4381 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 9.3 HIGH | N/A |
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. | |||||
CVE-2014-4484 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 7.5 HIGH | N/A |
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. | |||||
CVE-2014-4414 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | |||||
CVE-2014-4462 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 5.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. | |||||
CVE-2014-1278 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 7.2 HIGH | N/A |
The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call. |