watchOS
by Apple Inc.
CVEs (1,578)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5847 | 0.00 | — | 0.00 | Sep 18, 2015 | The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-5846 | 0.00 | — | 0.03 | Sep 18, 2015 | IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845. | |||
| CVE-2015-5845 | 0.00 | — | 0.03 | Sep 18, 2015 | IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846. | |||
| CVE-2015-5844 | 0.00 | — | 0.03 | Sep 18, 2015 | IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. | |||
| CVE-2015-5843 | 0.00 | — | 0.00 | Sep 18, 2015 | IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-5842 | 0.00 | — | 0.00 | Sep 18, 2015 | XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | |||
| CVE-2015-5840 | 0.00 | — | 0.02 | Sep 18, 2015 | The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | |||
| CVE-2015-5839 | 0.00 | — | 0.02 | Sep 18, 2015 | dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | |||
| CVE-2015-5837 | 0.00 | — | 0.01 | Sep 18, 2015 | PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | |||
| CVE-2015-5834 | 0.00 | — | 0.01 | Sep 18, 2015 | IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5829 | 0.00 | — | 0.03 | Sep 18, 2015 | Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. | |||
| CVE-2015-5824 | 0.00 | — | 0.00 | Sep 18, 2015 | The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… | |||
| CVE-2015-5523 | 0.00 | — | 0.04 | Aug 11, 2015 | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | |||
| CVE-2015-5522 | 0.00 | — | 0.05 | Aug 11, 2015 | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | |||
| CVE-2015-3416 | 0.00 | — | 0.06 | Apr 24, 2015 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or… | |||
| CVE-2015-3415 | 0.00 | — | 0.05 | Apr 24, 2015 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as… | |||
| CVE-2015-3414 | 0.00 | — | 0.05 | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE… | |||
| CVE-2013-3951 | 0.00 | — | 0.00 | Jun 5, 2013 | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path… |
- CVE-2015-5847Sep 18, 2015risk 0.00cvss —epss 0.00
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2015-5846Sep 18, 2015risk 0.00cvss —epss 0.03
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.
- CVE-2015-5845Sep 18, 2015risk 0.00cvss —epss 0.03
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846.
- CVE-2015-5844Sep 18, 2015risk 0.00cvss —epss 0.03
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.
- CVE-2015-5843Sep 18, 2015risk 0.00cvss —epss 0.00
IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2015-5842Sep 18, 2015risk 0.00cvss —epss 0.00
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
- CVE-2015-5840Sep 18, 2015risk 0.00cvss —epss 0.02
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
- CVE-2015-5839Sep 18, 2015risk 0.00cvss —epss 0.02
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
- CVE-2015-5837Sep 18, 2015risk 0.00cvss —epss 0.01
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
- CVE-2015-5834Sep 18, 2015risk 0.00cvss —epss 0.01
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
- CVE-2015-5829Sep 18, 2015risk 0.00cvss —epss 0.03
Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.
- CVE-2015-5824Sep 18, 2015risk 0.00cvss —epss 0.00
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted…
- CVE-2015-5523Aug 11, 2015risk 0.00cvss —epss 0.04
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
- CVE-2015-5522Aug 11, 2015risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
- CVE-2015-3416Apr 24, 2015risk 0.00cvss —epss 0.06
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or…
- CVE-2015-3415Apr 24, 2015risk 0.00cvss —epss 0.05
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as…
- CVE-2015-3414Apr 24, 2015risk 0.00cvss —epss 0.05
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…
- CVE-2013-3951Jun 5, 2013risk 0.00cvss —epss 0.00
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path…
Page 79 of 79