VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,439 total · sorted by risk
  • CVE-2019-6219HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.02

    A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

  • CVE-2018-4277HigJan 11, 2019
    risk 0.49cvss 7.5epss 0.02

    In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

  • CVE-2018-4217HigJan 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.

  • CVE-2018-4186HigJan 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.

  • CVE-2018-4185HigJan 11, 2019
    risk 0.49cvss 7.5epss 0.03

    In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.

  • CVE-2017-13888HigJan 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In iOS before 11.2, a type confusion issue was addressed with improved memory handling.

  • CVE-2017-13887HigJan 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.

  • CVE-2018-4230HigJun 8, 2018
    risk 0.49cvss 7.0epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits…

  • CVE-2018-4227HigJun 8, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

  • CVE-2018-4221HigJun 8, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.

  • CVE-2018-4184HigJun 8, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.

  • CVE-2018-4142HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service…

  • CVE-2018-4140HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.

  • CVE-2018-4137HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.

  • CVE-2018-4100HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource…

  • CVE-2017-13837HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.

  • CVE-2017-13903HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by…

  • CVE-2017-13878HigDec 25, 2017
    risk 0.49cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).

  • CVE-2017-13874HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.

  • CVE-2017-13871HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an…

  • CVE-2017-7133HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that…

  • CVE-2017-7116HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.

  • CVE-2017-7090HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows…

  • CVE-2017-7086HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource…

  • CVE-2017-7080HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust…

  • CVE-2017-11122HigOct 4, 2017
    risk 0.49cvss 7.5epss 0.02

    On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

  • CVE-2017-14315HigSep 12, 2017
    risk 0.49cvss 7.5epss 0.01

    In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly…

  • CVE-2017-7063HigJul 20, 2017
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).

  • CVE-2017-7007HigJul 20, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).

  • CVE-2017-6979HigMay 22, 2017
    risk 0.49cvss 7.0epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute…

  • CVE-2017-2533HigMay 22, 2017
    risk 0.49cvss 7.0epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-2501HigMay 22, 2017
    risk 0.49cvss 7.0epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary…

  • CVE-2017-2498HigMay 22, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.

  • CVE-2016-10226HigApr 3, 2017
    risk 0.49cvss 7.5epss 0.02

    JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to…

  • CVE-2016-10222HigApr 3, 2017
    risk 0.49cvss 7.5epss 0.02

    runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the…

  • CVE-2017-2484HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.

  • CVE-2017-2478HigApr 2, 2017
    risk 0.49cvss 7.0epss 0.05

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code…

  • CVE-2017-2461HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service…

  • CVE-2017-2456HigApr 2, 2017
    risk 0.49cvss 7.0epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code…

  • CVE-2017-2429HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during…

  • CVE-2017-2419HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.

  • CVE-2017-2382HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors.

  • CVE-2017-2380HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by…

  • CVE-2017-2377HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a…

  • CVE-2017-2376HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.

  • CVE-2016-9643HigMar 7, 2017
    risk 0.49cvss 7.5epss 0.03

    The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).

  • CVE-2016-7667HigFeb 20, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.

  • CVE-2016-7662HigFeb 20, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.

  • CVE-2016-4693HigFeb 20, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by…

  • CVE-2016-4689HigFeb 20, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.

Page 49 of 169