Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Watchos
Total 1474 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5858 1 Apple 2 Iphone Os, Watchos 2024-02-28 5.0 MEDIUM N/A
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.
CVE-2016-1811 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
CVE-2015-7053 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 6.8 MEDIUM N/A
ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
CVE-2016-4631 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
CVE-2016-1720 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 7.2 HIGH 7.8 HIGH
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1840 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVE-2016-4775 1 Apple 3 Mac Os X, Tvos, Watchos 2024-02-28 7.2 HIGH 7.8 HIGH
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-8659 2 Apple, Nghttp2 5 Iphone Os, Mac Os X, Tvos and 2 more 2024-02-28 10.0 HIGH 10.0 CRITICAL
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
CVE-2016-4712 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 9.3 HIGH 7.8 HIGH
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
CVE-2013-0340 3 Apple, Libexpat Project, Python 7 Ipados, Iphone Os, Macos and 4 more 2024-02-28 6.8 MEDIUM N/A
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVE-2015-3416 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2024-02-28 7.5 HIGH N/A
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
CVE-2015-3415 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2024-02-28 7.5 HIGH N/A
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CVE-2015-3414 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2024-02-28 7.5 HIGH N/A
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
CVE-2013-3951 1 Apple 3 Iphone Os, Mac Os X, Watchos 2024-02-28 4.6 MEDIUM N/A
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.