Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-42849

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-25 Oct, 2023 | 18:32
Updated At-13 Feb, 2025 | 17:09
Rejected At-
Credits

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:25 Oct, 2023 | 18:32
Updated At:13 Feb, 2025 | 17:09
Rejected At:
▼CVE Numbering Authority (CNA)

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 16.7 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14.1 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From unspecified before 10.1 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 13.6 (custom)
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 17.1 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 12.7 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Type: N/A
CWE ID: N/A
Description: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213981
N/A
https://support.apple.com/en-us/HT213984
N/A
https://support.apple.com/en-us/HT213988
N/A
https://support.apple.com/en-us/HT213985
N/A
https://support.apple.com/en-us/HT213982
N/A
https://support.apple.com/en-us/HT213983
N/A
https://support.apple.com/kb/HT213982
N/A
https://support.apple.com/kb/HT213984
N/A
https://support.apple.com/kb/HT213985
N/A
https://support.apple.com/kb/HT213988
N/A
https://support.apple.com/kb/HT213981
N/A
https://support.apple.com/kb/HT213983
N/A
http://seclists.org/fulldisclosure/2023/Oct/23
N/A
http://seclists.org/fulldisclosure/2023/Oct/19
N/A
http://seclists.org/fulldisclosure/2023/Oct/21
N/A
http://seclists.org/fulldisclosure/2023/Oct/24
N/A
http://seclists.org/fulldisclosure/2023/Oct/26
N/A
http://seclists.org/fulldisclosure/2023/Oct/25
N/A
Hyperlink: https://support.apple.com/en-us/HT213981
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213984
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213988
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213985
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213982
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213983
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213982
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213984
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213985
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213988
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213981
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213983
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/23
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/19
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/21
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/24
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/26
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/25
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213981
x_transferred
https://support.apple.com/en-us/HT213984
x_transferred
https://support.apple.com/en-us/HT213988
x_transferred
https://support.apple.com/en-us/HT213985
x_transferred
https://support.apple.com/en-us/HT213982
x_transferred
https://support.apple.com/en-us/HT213983
x_transferred
https://support.apple.com/kb/HT213982
x_transferred
https://support.apple.com/kb/HT213984
x_transferred
https://support.apple.com/kb/HT213985
x_transferred
https://support.apple.com/kb/HT213988
x_transferred
https://support.apple.com/kb/HT213981
x_transferred
https://support.apple.com/kb/HT213983
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/23
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/19
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/21
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/24
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/26
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/25
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213981
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213984
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213988
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213985
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213982
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213983
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213982
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213984
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213985
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213988
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213981
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213983
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/23
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/19
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/21
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/24
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/26
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/25
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:25 Oct, 2023 | 19:15
Updated At:02 Nov, 2023 | 18:16

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 16.7.2(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions from 17.0(inclusive) to 17.1(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 16.7.2(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions from 17.0(inclusive) to 17.1(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 12.0.0(inclusive) to 12.7.1(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 13.0(inclusive) to 13.6.1(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.1(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 10.1(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2023/Oct/19product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/21product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/23product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/24product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/25product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/26product-security@apple.com
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT213981product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213982product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213983product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213984product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213985product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213988product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213981product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213982product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213983product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213984product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213985product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213988product-security@apple.com
Release Notes
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/19
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/21
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/23
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/24
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/25
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/26
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT213981
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213982
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213983
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213984
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213985
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213988
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213981
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213982
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213983
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213984
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213985
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213988
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2353Records found
CVE-2018-4336
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.89%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7081
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.43%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7027
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.03%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7026
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.03%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4332
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.97% / 76.47%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4272
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.36%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0637
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.97% / 76.37%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunessafariwebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7076
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.77%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4096
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.64% / 70.25%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchosapple_tvsafarimac_os_xwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7107
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.43%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7005
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-3.22% / 86.86%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafaritvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0633
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.84% / 82.73%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7042
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-14.37% / 94.31%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwebkitwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0605
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.00% / 83.45%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1275
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.14% / 78.27%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4161
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.72% / 72.27%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7103
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.93% / 89.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4236
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0591
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.00% / 83.45%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7110
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-10.95% / 93.30%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4163
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.54% / 67.29%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7172
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.84% / 74.54%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvosmac_os_xwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0629
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.84% / 82.73%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4271
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 72.40%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7095
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.43%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0613
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.00% / 83.45%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4082
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.48%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_oswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0660
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.77% / 82.45%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7032
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.57%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6999
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.68% / 71.26%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0666
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.17% / 88.53%
||
7 Day CHG~0.00%
Published-16 May, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-quicktimewindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7065
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.94% / 76.06%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0619
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.84% / 82.73%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7094
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.43%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0606
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.00% / 83.45%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7160
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.90% / 75.39%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariubuntu_linuxwebkitwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4214
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-7.21% / 91.48%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6994
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.68% / 71.26%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6996
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.68% / 71.26%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4337
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.89%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0668
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.50% / 85.15%
||
7 Day CHG~0.00%
Published-16 May, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0650
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.23%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6978
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.54% / 81.15%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6982
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.18% / 78.58%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7000
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.86%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-chromiumn/aDebian GNU/LinuxRed Hat, Inc.Apple Inc.
Product-enterprise_linux_serveriphone_osdebian_linuxchromiumenterprise_linux_workstationmac_os_xenterprise_linux_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4130
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.67%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4206
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-7.65% / 91.77%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_oswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4101
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.55% / 67.67%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxtvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0654
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 68.05%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4125
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.54% / 67.29%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 47
  • 48
  • Next
Details not found