VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2022-22599LowMar 18, 2022
    risk 0.16cvss 2.4epss 0.00

    Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information…

  • CVE-2021-30816LowOct 28, 2021
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.

  • CVE-2021-30815LowOct 19, 2021
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.

  • CVE-2021-1863LowSep 8, 2021
    risk 0.16cvss 2.4epss 0.00

    An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone…

  • CVE-2021-1862LowSep 8, 2021
    risk 0.16cvss 2.4epss 0.00

    Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.

  • CVE-2021-30956LowAug 24, 2021
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information.

  • CVE-2021-30918LowAug 24, 2021
    risk 0.16cvss 2.4epss 0.00

    A Lock Screen issue was addressed with improved state management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.0.1 and iPadOS 15.0.1. A user may be able to view restricted content from the Lock Screen.

  • CVE-2021-30915LowAug 24, 2021
    risk 0.16cvss 2.4epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to…

  • CVE-2021-1756LowApr 2, 2021
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information.

  • CVE-2021-1755LowApr 2, 2021
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

  • CVE-2019-8799LowOct 27, 2020
    risk 0.16cvss 2.4epss 0.00

    This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.

  • CVE-2019-8777LowOct 27, 2020
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view…

  • CVE-2019-8732LowOct 27, 2020
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.

  • CVE-2020-9959LowOct 16, 2020
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the…

  • CVE-2020-9848LowJun 9, 2020
    risk 0.16cvss 2.4epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.

  • CVE-2020-3891LowApr 1, 2020
    risk 0.16cvss 2.4epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

  • CVE-2020-3859LowFeb 27, 2020
    risk 0.16cvss 2.4epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

  • CVE-2020-3828LowFeb 27, 2020
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

  • CVE-2019-8775LowDec 18, 2019
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

  • CVE-2019-8757LowDec 18, 2019
    risk 0.16cvss 2.5epss 0.00

    A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.

  • CVE-2019-8742LowDec 18, 2019
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.

  • CVE-2019-8682LowDec 18, 2019
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.

  • CVE-2019-8599LowDec 18, 2019
    risk 0.16cvss 2.4epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.

  • CVE-2019-8548LowDec 18, 2019
    risk 0.16cvss 2.4epss 0.00

    An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to…

  • CVE-2018-4430LowApr 3, 2019
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.

  • CVE-2018-4387LowApr 3, 2019
    risk 0.16cvss 2.4epss 0.00

    A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.

  • CVE-2018-4325LowApr 3, 2019
    risk 0.16cvss 2.4epss 0.00

    A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.

  • CVE-2018-4238LowJun 8, 2018
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.

  • CVE-2018-4123LowApr 3, 2018
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address.

  • CVE-2017-13844LowNov 13, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.

  • CVE-2017-13805LowNov 13, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been…

  • CVE-2017-7139LowOct 23, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action.

  • CVE-2017-7082LowOct 23, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts.

  • CVE-2017-7058LowJul 20, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen.

  • CVE-2017-2397LowApr 2, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.

  • CVE-2017-2351LowFeb 20, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors.

  • CVE-2016-7765LowFeb 20, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents.

  • CVE-2016-7664LowFeb 20, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options…

  • CVE-2016-7653LowFeb 20, 2017
    risk 0.16cvss 2.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access.

  • CVE-2016-4593LowJul 22, 2016
    risk 0.16cvss 2.4epss 0.00

    The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.

  • CVE-2016-1852LowMay 20, 2016
    risk 0.16cvss 2.4epss 0.00

    Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.

  • CVE-2024-44123LowOct 28, 2024
    risk 0.15cvss 2.3epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.

  • CVE-2025-43423LowNov 4, 2025
    risk 0.13cvss 2.0epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able…

  • CVE-2026-20700KEVFeb 11, 2026
    risk 0.12cvss epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a…

  • CVE-2015-0235Jan 28, 2015
    risk 0.11cvss epss 0.95

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-2008-0226Jan 10, 2008
    risk 0.10cvss epss 0.92

    Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

  • CVE-2007-2175Apr 24, 2007
    risk 0.10cvss epss 0.84

    Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory…

  • CVE-2003-0201May 5, 2003
    risk 0.10cvss epss 0.84

    Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

  • CVE-2002-0656Aug 12, 2002
    risk 0.10cvss epss 0.90

    Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

  • CVE-2014-8517Nov 17, 2014
    risk 0.09cvss epss 0.69

    The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

Page 101 of 170