Skip to main content

Iphone Os

2985 CVEs product

Monthly

CVE-2014-4412 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4411 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4410 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4409 MEDIUM This Month

WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-4408 MEDIUM This Month

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Apple Buffer Overflow Tvos Iphone Os +1
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4407 LOW Monitor

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os Mac Os X
NVD
CVSS 3.0
3.3
EPSS
0.2%
CVE-2014-4405 CRITICAL Act Now

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os Tvos +1
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4389 CRITICAL Act Now

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple RCE Iphone Os Tvos Mac Os X
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4388 HIGH This Week

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mac Os X Iphone Os Tvos
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2014-4386 LOW Monitor

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2014-4384 LOW Monitor

Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. Rated low severity (CVSS 1.9). No vendor patch available.

Path Traversal Apple Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2014-4383 MEDIUM This Month

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-4381 CRITICAL Act Now

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X Iphone Os +1
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4380 CRITICAL Act Now

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE Tvos Iphone Os +1
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2014-4379 HIGH This Week

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
7.1
EPSS
1.9%
CVE-2014-4378 MEDIUM This Month

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Tvos Iphone Os +1
NVD
CVSS 2.0
5.8
EPSS
2.1%
CVE-2014-4377 MEDIUM This Month

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Denial Of Service Apple RCE Tvos Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
11.3%
CVE-2014-4375 HIGH This Week

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X Tvos Iphone Os
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-4374 MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Mac Os X Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-4373 MEDIUM This Month

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os Tvos Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-4372 LOW Monitor

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
3.6
EPSS
0.0%
CVE-2014-4371 LOW Monitor

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4369 HIGH This Week

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2014-4368 MEDIUM This Month

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-4367 LOW Monitor

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4366 MEDIUM This Month

Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-4364 MEDIUM This Month

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 3.0
5.6
EPSS
0.5%
CVE-2014-4363 MEDIUM This Month

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Safari
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-4362 MEDIUM This Month

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4361 MEDIUM This Month

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4357 LOW Monitor

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4356 LOW Monitor

Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4354 MEDIUM This Month

Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4353 MEDIUM This Month

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-4352 LOW Monitor

Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-1382 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-1368 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1367 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1366 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1365 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1364 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1363 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1362 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1361 MEDIUM This Month

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1360 LOW Monitor

Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1359 CRITICAL Act Now

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Tvos Iphone Os Mac Os X
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-1358 CRITICAL Act Now

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2014-1357 CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Tvos Iphone Os +1
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2014-1356 CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X Iphone Os +1
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2014-1355 MEDIUM This Month

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1354 MEDIUM This Month

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1353 LOW Monitor

Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-1352 LOW Monitor

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-1351 LOW Monitor

Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-1350 MEDIUM This Month

Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-1349 MEDIUM This Month

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2014-1348 LOW Monitor

Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1345 MEDIUM This Month

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1325 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-1320 MEDIUM This Month

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1296 MEDIUM This Month

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os Mac Os X Mac Os X Server +1
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1295 MEDIUM POC This Month

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X Tvos
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-1294 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1293 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1292 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-1291 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1290 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1289 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1287 HIGH POC This Week

USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD Exploit-DB VulDB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2014-1286 MEDIUM This Month

SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1285 MEDIUM This Month

Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-1282 MEDIUM This Month

The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1281 LOW Monitor

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-1280 HIGH This Week

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-1278 HIGH This Week

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Iphone Os Tvos
NVD VulDB
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-1276 MEDIUM This Month

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1275 MEDIUM This Month

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-1274 LOW Monitor

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1273 MEDIUM This Month

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1272 MEDIUM This Month

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. Rated medium severity (CVSS 6.3). No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD VulDB
CVSS 2.0
6.3
EPSS
0.0%
CVE-2014-1271 HIGH This Week

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os Tvos
NVD VulDB
CVSS 2.0
7.8
EPSS
0.3%
CVE-2014-1267 MEDIUM This Month

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-6835 MEDIUM POC THREAT This Month

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

Apple Privilege Escalation Iphone Os
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
19.5%
CVE-2013-5133 HIGH This Week

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
8.8
EPSS
0.6%
CVE-2014-1266 HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft Iphone Os Mac Os X +1
NVD
CVSS 3.1
7.4
EPSS
17.9%
CVE-2014-2019 MEDIUM POC This Month

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2014-1252 HIGH This Week

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft RCE Pages +2
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-0340 MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Ipados +4
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5228 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Itunes +4
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-5225 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +4
NVD
CVSS 2.0
6.8
EPSS
2.1%
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos +2
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE +3
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple RCE Iphone Os +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mac Os X +2
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. Rated low severity (CVSS 1.9). No vendor patch available.

Path Traversal Apple Iphone Os
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os +1
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 7.1
HIGH This Week

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow Tvos +2
NVD
EPSS 2% CVSS 5.8
MEDIUM This Month

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD
EPSS 11% CVSS 6.8
MEDIUM This Month

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Denial Of Service Apple RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Mac Os X +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os +2
NVD
EPSS 0% CVSS 3.6
LOW Monitor

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Iphone Os +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Tvos +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE +3
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE +3
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE +1
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari +1
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +4
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os +2
NVD VulDB
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Tvos +1
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Tvos +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. Rated medium severity (CVSS 6.3). No vendor patch available.

Apple Denial Of Service Tvos +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os +1
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos +1
NVD VulDB
EPSS 19% CVSS 5.0
MEDIUM POC THREAT This Month

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

Apple Privilege Escalation Iphone Os
NVD Exploit-DB VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
EPSS 18% CVSS 7.4
HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft +3
NVD
EPSS 0% CVSS 4.6
MEDIUM POC This Month

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Iphone Os
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft +4
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat +6
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
Prev Page 31 of 34 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy