VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2017-11103HigJul 13, 2017
    risk 0.53cvss 8.1epss 0.05

    Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the…

  • CVE-2017-7668HigJun 20, 2017
    risk 0.53cvss 7.5epss 0.57

    The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a…

  • CVE-2017-2389HigApr 2, 2017
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.

  • CVE-2016-7643HigFeb 20, 2017
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause…

  • CVE-2016-4725HigSep 25, 2016
    risk 0.53cvss 8.1epss 0.01

    IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-4655MedKEVAug 25, 2016
    risk 0.53cvss 5.5epss 0.33

    The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

  • CVE-2014-4422HigSep 18, 2014
    risk 0.53cvss 8.1epss 0.02

    The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related…

  • CVE-2009-0949HigJun 9, 2009
    risk 0.53cvss 7.5epss 0.20

    The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive…

  • CVE-2008-3438HigAug 1, 2008
    risk 0.53cvss 8.1epss 0.01

    Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2025-31223HigMay 12, 2025
    risk 0.52cvss 8.0epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2025-24223HigMay 12, 2025
    risk 0.52cvss 8.0epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2025-24137HigJan 27, 2025
    risk 0.52cvss 8.0epss 0.01

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3. An attacker on the local network may corrupt process memory.

  • CVE-2017-7054HigJul 20, 2017
    risk 0.52cvss 8.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2017-7051HigJul 20, 2017
    risk 0.52cvss 8.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2017-7050HigJul 20, 2017
    risk 0.52cvss 8.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2016-2105HigMay 5, 2016
    risk 0.52cvss 7.5epss 0.40

    Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

  • CVE-2008-5183HigNov 21, 2008
    risk 0.52cvss 7.5epss 0.09

    cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging…

  • CVE-2007-0342HigJan 18, 2007
    risk 0.52cvss 7.5epss 0.02

    WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different…

  • CVE-2025-31272HigJun 11, 2026
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.

  • CVE-2025-43306HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.

  • CVE-2026-28840HigMay 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges.

  • CVE-2026-20626HigFeb 11, 2026
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.

  • CVE-2026-20615HigFeb 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to gain root privileges.

  • CVE-2026-20614HigFeb 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to gain root privileges.

  • CVE-2026-20611HigFeb 11, 2026
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously…

  • CVE-2024-44238HigJan 16, 2026
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to corrupt coprocessor memory.

  • CVE-2025-46285HigDec 12, 2025
    risk 0.51cvss 7.8epss 0.00

    An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to gain root…

  • CVE-2025-43527HigDec 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges.

  • CVE-2025-43512HigDec 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges.

  • CVE-2025-43402HigDec 12, 2025
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory.

  • CVE-2025-43320HigDec 12, 2025
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.

  • CVE-2025-43476HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-43474HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or read kernel memory.

  • CVE-2025-43472HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to gain root privileges.

  • CVE-2025-43407HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved entitlements. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-43386HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app…

  • CVE-2025-43364HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-43361HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A malicious app may be able to read kernel memory.

  • CVE-2025-43372HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process…

  • CVE-2025-43341HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.

  • CVE-2025-43316HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to gain root privileges.

  • CVE-2025-43298HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.

  • CVE-2025-43286HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.

  • CVE-2025-43187HigAug 29, 2025
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Running an hdiutil command may unexpectedly execute arbitrary code.

  • CVE-2025-43277HigJul 30, 2025
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted audio file may lead to memory corruption.

  • CVE-2025-31243HigJul 30, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.

  • CVE-2025-24119HigJul 30, 2025
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

  • CVE-2025-31259HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to capture a screenshot of an app entering or exiting full screen mode.

  • CVE-2025-31224HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass certain Privacy preferences.

  • CVE-2025-31222HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.

Page 13 of 169