VYPR

Iphone OS

by Apple Inc.

CVEs (2,060)

  • CVE-2024-54542CriJan 27, 2025
    risk 0.59cvss 9.1epss 0.01

    An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.

  • CVE-2024-54530CriJan 27, 2025
    risk 0.59cvss 9.1epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing authentication.

  • CVE-2024-54512CriJan 27, 2025
    risk 0.59cvss 9.1epss 0.00

    The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.

  • CVE-2016-4622HigJul 22, 2016
    risk 0.59cvss 8.8epss 0.19

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

  • CVE-2017-7092HigOct 23, 2017
    risk 0.58cvss 8.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows…

  • CVE-2016-9842HigMay 23, 2017
    risk 0.58cvss 8.8epss 0.05

    The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

  • CVE-2016-9840HigMay 23, 2017
    risk 0.58cvss 8.8epss 0.05

    inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

  • CVE-2016-4637HigJul 22, 2016
    risk 0.58cvss 8.8epss 0.04

    CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.

  • CVE-2016-4631HigJul 22, 2016
    risk 0.58cvss 8.8epss 0.05

    ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

  • CVE-2016-1835HigMay 20, 2016
    risk 0.58cvss 8.8epss 0.05

    Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1778HigMar 24, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-1950HigMar 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an…

  • CVE-2016-1727HigFeb 1, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

  • CVE-2016-1726HigFeb 1, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.

  • CVE-2016-1725HigFeb 1, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.

  • CVE-2016-1723HigFeb 1, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.

  • CVE-2025-43202HigApr 2, 2026
    risk 0.57cvss 8.8epss 0.00

    This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.

  • CVE-2026-20667HigFeb 11, 2026
    risk 0.57cvss 8.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.

  • CVE-2026-20616HigFeb 11, 2026
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.

  • CVE-2025-43433HigNov 4, 2025
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.

Page 8 of 103