Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-4371

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-18 Sep, 2014 | 10:00
Updated At-06 Aug, 2024 | 11:12
Rejected At-
Credits

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:18 Sep, 2014 | 10:00
Updated At:06 Aug, 2024 | 11:12
Rejected At:
▼CVE Numbering Authority (CNA)

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT6441
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id/1030866
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/69919
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT6442
x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
vendor-advisory
x_refsource_APPLE
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/bid/69882
vdb-entry
x_refsource_BID
http://support.apple.com/HT204244
x_refsource_CONFIRM
https://support.apple.com/kb/HT6535
x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
vendor-advisory
x_refsource_APPLE
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT6441
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96100
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id/1030866
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/69919
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.apple.com/kb/HT6442
Resource:
x_refsource_CONFIRM
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/bid/69882
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.apple.com/HT204244
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/kb/HT6535
Resource:
x_refsource_CONFIRM
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT6441
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id/1030866
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/69919
vdb-entry
x_refsource_BID
x_transferred
http://support.apple.com/kb/HT6442
x_refsource_CONFIRM
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/bid/69882
vdb-entry
x_refsource_BID
x_transferred
http://support.apple.com/HT204244
x_refsource_CONFIRM
x_transferred
https://support.apple.com/kb/HT6535
x_refsource_CONFIRM
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT6441
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96100
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030866
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/69919
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.apple.com/kb/HT6442
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/69882
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.apple.com/HT204244
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/kb/HT6535
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:18 Sep, 2014 | 10:55
Updated At:12 Apr, 2025 | 10:46

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.01.9LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 1.9
Base severity: LOW
Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Apple Inc.
apple
>>tvos>>Versions up to 6.2(inclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>6.0
cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>6.0.1
cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>6.0.2
cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>6.1
cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>6.1.1
cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>6.1.2
cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions up to 10.9.5(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions up to 7.1.2(inclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0
cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0.1
cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0.2
cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0.3
cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0.4
cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0.5
cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.0.6
cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.1
cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>7.1.1
cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-665Primarynvd@nist.gov
CWE ID: CWE-665
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlproduct-security@apple.com
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlproduct-security@apple.com
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlproduct-security@apple.com
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlproduct-security@apple.com
Mailing List
Vendor Advisory
http://support.apple.com/HT204244product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT6441product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT6442product-security@apple.com
Vendor Advisory
http://www.securityfocus.com/bid/69882product-security@apple.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/69919product-security@apple.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030866product-security@apple.com
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100product-security@apple.com
VDB Entry
https://support.apple.com/kb/HT6535product-security@apple.com
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://support.apple.com/HT204244af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT6441af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT6442af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/69882af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/69919af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030866af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100af854a3a-2127-422b-91ae-364da2661108
VDB Entry
https://support.apple.com/kb/HT6535af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Source: product-security@apple.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://support.apple.com/HT204244
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT6441
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT6442
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/69882
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/69919
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1030866
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96100
Source: product-security@apple.com
Resource:
VDB Entry
Hyperlink: https://support.apple.com/kb/HT6535
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://support.apple.com/HT204244
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT6441
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT6442
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/69882
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/69919
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1030866
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96100
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry
Hyperlink: https://support.apple.com/kb/HT6535
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

77Records found
CVE-2020-9964
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.11%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:55
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS
CWE ID-CWE-665
Improper Initialization
CVE-2020-9775
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.04%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:55
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xipadosiOS
CWE ID-CWE-665
Improper Initialization
CVE-2020-9863
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 17:54
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2022-26721
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.40%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 18:52
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xSecurity Update - CatalinamacOS
CWE ID-CWE-665
Improper Initialization
CVE-2020-3919
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.80%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:54
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2020-27950
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-37.74% / 97.09%
||
7 Day CHG-0.58%
Published-08 Dec, 2020 | 20:17
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadoswatchosiphone_osmacoswatchOSiOS and iPadOSmacOSMultiple Products
CWE ID-CWE-665
Improper Initialization
CVE-2019-8504
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.39%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2019-8552
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.90%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2019-8629
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.62%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-665
Improper Initialization
CVE-2019-8540
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.85% / 73.95%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2019-6208
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-6.47% / 90.69%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xtv_ostvOSmacOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2018-4351
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.30%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-665
Improper Initialization
CVE-2021-36006
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.28% / 50.90%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) are affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-665
Improper Initialization
CVE-2021-1780
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:58
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-665
Improper Initialization
CVE-2021-1857
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 68.65%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:44
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_osipadostvoswatchosmac_os_xmacosicloudiTunes for WindowswatchOSiCloud for WindowsmacOStvOSiOS and iPadOS
CWE ID-CWE-665
Improper Initialization
CVE-2021-1820
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:54
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-665
Improper Initialization
CVE-2021-1860
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 65.94%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:45
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-665
Improper Initialization
CVE-2020-9833
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:15
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-665
Improper Initialization
CVE-2020-3872
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 54.85%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2019-6230
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.6||HIGH
EPSS-0.35% / 56.90%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2018-8121
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 ServersWindows 10
CWE ID-CWE-665
Improper Initialization
CVE-2018-0901
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-11.24% / 93.24%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-665
Improper Initialization
CVE-2018-0810
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 02:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_server_2008Windows
CWE ID-CWE-665
Improper Initialization
CVE-2018-0897
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-3.71% / 87.49%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2018-0895
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-8.62% / 92.05%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-665
Improper Initialization
CVE-2018-0746
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-2.43% / 84.54%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2018-0745
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-6.73% / 90.89%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows kernel
CWE ID-CWE-665
Improper Initialization
  • Previous
  • 1
  • 2
  • Next
Details not found