Total
3661 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4418 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. | |||||
CVE-2015-1107 | 1 Apple | 1 Iphone Os | 2024-02-28 | 1.9 LOW | N/A |
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | |||||
CVE-2015-1078 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | |||||
CVE-2014-1282 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 5.8 MEDIUM | N/A |
The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. | |||||
CVE-2014-4463 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | |||||
CVE-2014-1366 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | |||||
CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-28 | 5.0 MEDIUM | N/A |
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-4496 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 5.0 MEDIUM | N/A |
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | |||||
CVE-2015-1081 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | |||||
CVE-2014-4479 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. | |||||
CVE-2015-1110 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 5.0 MEDIUM | N/A |
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | |||||
CVE-2014-4377 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | |||||
CVE-2014-1285 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.8 MEDIUM | N/A |
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. | |||||
CVE-2015-1121 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | |||||
CVE-2015-1091 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-28 | 4.3 MEDIUM | N/A |
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2015-1061 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 9.3 HIGH | N/A |
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. | |||||
CVE-2015-1115 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.4 MEDIUM | N/A |
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||||
CVE-2014-1359 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 10.0 HIGH | N/A |
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. | |||||
CVE-2014-1286 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | N/A |
SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. | |||||
CVE-2014-3187 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. |