CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple · iOS and iPadOS
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple Multiple Products WebKit Code Execution Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple · iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple · iOS, iPadOS, and watchOS
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple Multiple Products Kernel Unspecified Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apple Multiple Products WebKit Code Execution Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Apple Multiple Products Integer Overflow Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Sandbox Escape Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple macOS Use-After-Free Vulnerability
Apple · macOS
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple · Multiple Products
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Apple · iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Required Action
Apply updates per vendor instructions.
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple · iOS, iPadOS, and macOS
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Required Action
Apply updates per vendor instructions.
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple · Multiple Products
Apple iOS, macOS, Safari, and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action
Apply updates per vendor instructions.
Apple iOS Type Confusion Vulnerability
Apple · iOS
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
Required Action
Apply updates per vendor instructions.
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple · iOS and iPadOS
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
Required Action
Apply updates per vendor instructions.
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Apple · iOS, iPadOS, and macOS
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
Required Action
Apply updates per vendor instructions.
Apple iOS, iPadOS, and macOS Input Validation Vulnerability
Apple · iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
Required Action
Apply updates per vendor instructions.
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
Apple · iOS, macOS, watchOS
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
Required Action
Apply updates per vendor instructions.
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple · iOS and macOS
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Required Action
Apply updates per vendor instructions.