Filtered by vendor Apple
Subscriptions
Filtered by product Ipados
Subscriptions
Total
1379 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-8782 | 2 Apple, Redhat | 7 Icloud, Ipados, Iphone Os and 4 more | 2024-11-21 | 8.8 High |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2019-8779 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 10.0 Critical |
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. | ||||
CVE-2019-8775 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 2.4 Low |
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | ||||
CVE-2019-8769 | 2 Apple, Redhat | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 4.3 Medium |
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. | ||||
CVE-2019-8763 | 2 Apple, Redhat | 7 Icloud, Ipados, Iphone Os and 4 more | 2024-11-21 | 8.8 High |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2019-20044 | 6 Apple, Debian, Fedoraproject and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-11-21 | 7.8 High |
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | ||||
CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2024-11-21 | 7.5 High |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | ||||
CVE-2019-15165 | 8 Apple, Canonical, Debian and 5 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-11-21 | 5.3 Medium |
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | ||||
CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2024-11-21 | 3.1 Low |
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | ||||
CVE-2019-14899 | 4 Apple, Freebsd, Linux and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2024-11-21 | 7.4 High |
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | ||||
CVE-2013-0899 | 6 Apple, Google, Linux and 3 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2024-11-21 | N/A |
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. | ||||
CVE-2013-0340 | 3 Apple, Libexpat Project, Python | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | N/A |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | ||||
CVE-2024-44296 | 2 Apple, Redhat | 9 Ipados, Iphone Os, Macos and 6 more | 2024-11-14 | 5.4 Medium |
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | ||||
CVE-2024-44258 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-06 | 7.1 High |
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
CVE-2024-44205 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-06 | 5.5 Medium |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs. | ||||
CVE-2024-44233 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-05 | 6.5 Medium |
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
CVE-2024-44185 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2024-11-05 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
CVE-2024-44234 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-05 | 6.5 Medium |
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
CVE-2024-44232 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-05 | 6.5 Medium |
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
CVE-2024-44255 | 1 Apple | 8 Ipados, Iphone Os, Mac Os and 5 more | 2024-11-01 | 8.4 High |
A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent. |