VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,451 total · sorted by risk
  • CVE-2025-24088Sep 15, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.

  • CVE-2025-43287Sep 15, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.

  • CVE-2025-43340Sep 15, 2025
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.

  • CVE-2025-43263Sep 15, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.

  • CVE-2025-43371Sep 15, 2025
    risk 0.00cvss epss 0.00

    This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.

  • CVE-2025-43279Sep 15, 2025
    risk 0.00cvss epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.

  • CVE-2025-30468Sep 15, 2025
    risk 0.00cvss epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.

  • CVE-2025-43297Sep 15, 2025
    risk 0.00cvss epss 0.00

    A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service.

  • CVE-2025-31254Sep 15, 2025
    risk 0.00cvss epss 0.00

    This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.

  • CVE-2025-43307Sep 15, 2025
    risk 0.00cvss epss 0.00

    This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

  • CVE-2025-43370Sep 15, 2025
    risk 0.00cvss epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.

  • CVE-2025-43262Sep 15, 2025
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.

  • CVE-2025-43331Sep 15, 2025
    risk 0.00cvss epss 0.00

    A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.

  • CVE-2025-43366Sep 15, 2025
    risk 0.00cvss epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.

  • CVE-2024-54554Aug 29, 2025
    risk 0.00cvss epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

  • CVE-2024-54568Aug 29, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.

  • CVE-2024-44271Aug 29, 2025
    risk 0.00cvss epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.

  • CVE-2025-43268Aug 29, 2025
    risk 0.00cvss epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.

  • CVE-2025-43201Aug 15, 2025
    risk 0.00cvss epss 0.00

    This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.

  • CVE-2024-27301HigMar 14, 2024
    risk 0.00cvss 7.3epss 0.00

    Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang…

  • CVE-2022-26691MedMay 26, 2022
    risk 0.00cvss 6.7epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

  • CVE-2017-18248MedMar 26, 2018
    risk 0.00cvss 5.3epss 0.02

    The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

  • CVE-2017-18190HigFeb 16, 2018
    risk 0.00cvss 7.5epss 0.03

    A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often…

  • CVE-2015-8242Dec 15, 2015
    risk 0.00cvss epss 0.04

    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

  • CVE-2015-7500Dec 15, 2015
    risk 0.00cvss epss 0.06

    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

  • CVE-2015-5312Dec 15, 2015
    risk 0.00cvss epss 0.05

    The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

  • CVE-2015-7113Dec 11, 2015
    risk 0.00cvss epss 0.03

    The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.

  • CVE-2015-7111Dec 11, 2015
    risk 0.00cvss epss 0.03

    The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…

  • CVE-2015-7109Dec 11, 2015
    risk 0.00cvss epss 0.02

    IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2015-7107Dec 11, 2015
    risk 0.00cvss epss 0.03

    QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

  • CVE-2015-7105Dec 11, 2015
    risk 0.00cvss epss 0.04

    CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

  • CVE-2015-7104Dec 11, 2015
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

  • CVE-2015-7103Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7102Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7101Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7100Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7099Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7098Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7097Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7096Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…

  • CVE-2015-7095Dec 11, 2015
    risk 0.00cvss epss 0.03

    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096,…

  • CVE-2015-7094Dec 11, 2015
    risk 0.00cvss epss 0.01

    CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

  • CVE-2015-7093Dec 11, 2015
    risk 0.00cvss epss 0.01

    Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.

  • CVE-2015-7082Dec 11, 2015
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.

  • CVE-2015-7081Dec 11, 2015
    risk 0.00cvss epss 0.02

    iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2015-7080Dec 11, 2015
    risk 0.00cvss epss 0.00

    Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.

  • CVE-2015-7079Dec 11, 2015
    risk 0.00cvss epss 0.03

    dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2015-7076Dec 11, 2015
    risk 0.00cvss epss 0.00

    The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2015-7075Dec 11, 2015
    risk 0.00cvss epss 0.04

    CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

  • CVE-2015-7074Dec 11, 2015
    risk 0.00cvss epss 0.03

    CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

Page 114 of 170