Filtered by vendor Apple
Subscriptions
Filtered by product Watchos
Subscriptions
Total
1479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27863 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-12 | 5.5 Medium |
| An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout. | ||||
| CVE-2023-42950 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-09 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2013-3951 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-08-06 | N/A |
| sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | ||||
| CVE-2013-0340 | 3 Apple, Libexpat Project, Python | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-06 | N/A |
| expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | ||||
| CVE-2014-8146 | 2 Apple, Icu-project | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2024-08-06 | N/A |
| The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. | ||||
| CVE-2014-8147 | 2 Apple, Icu-project | 3 Mac Os X, Watchos, International Components For Unicode | 2024-08-06 | N/A |
| The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. | ||||
| CVE-2015-8659 | 2 Apple, Nghttp2 | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-08-06 | N/A |
| The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | ||||
| CVE-2015-8242 | 5 Apple, Canonical, Hp and 2 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-08-06 | N/A |
| The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | ||||
| CVE-2015-8035 | 5 Apple, Canonical, Debian and 2 more | 10 Iphone Os, Mac Os X, Tvos and 7 more | 2024-08-06 | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | ||||
| CVE-2015-7995 | 2 Apple, Xmlsoft | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-08-06 | N/A |
| The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | ||||
| CVE-2015-7988 | 1 Apple | 6 Airport Base Station, Airport Base Station Firmware, Iphone Os and 3 more | 2024-08-06 | N/A |
| The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||||
| CVE-2015-7987 | 1 Apple | 6 Airport Base Station, Airport Base Station Firmware, Iphone Os and 3 more | 2024-08-06 | N/A |
| Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. | ||||
| CVE-2015-7942 | 6 Apple, Canonical, Debian and 3 more | 11 Iphone Os, Mac Os X, Tvos and 8 more | 2024-08-06 | N/A |
| The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. | ||||
| CVE-2015-7500 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Tvos and 12 more | 2024-08-06 | N/A |
| The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | ||||
| CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 17 Iphone Os, Mac Os X, Tvos and 14 more | 2024-08-06 | N/A |
| Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | ||||
| CVE-2015-7111 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-06 | N/A |
| The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112. | ||||
| CVE-2015-7112 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-06 | N/A |
| The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111. | ||||
| CVE-2015-7113 | 1 Apple | 2 Iphone Os, Watchos | 2024-08-06 | N/A |
| The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. | ||||
| CVE-2015-7105 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-06 | N/A |
| CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | ||||
| CVE-2015-7084 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-06 | N/A |
| The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083. | ||||