VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,436 total · sorted by risk
  • CVE-2020-9908HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-9796HigOct 22, 2020
    risk 0.46cvss 7.0epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9779HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-9771HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.00

    This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.

  • CVE-2020-9952HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.01

    An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site…

  • CVE-2020-9843HigJun 9, 2020
    risk 0.46cvss 7.1epss 0.01

    An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web…

  • CVE-2020-9842HigJun 9, 2020
    risk 0.46cvss 7.1epss 0.01

    An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform…

  • CVE-2020-9808HigJun 9, 2020
    risk 0.46cvss 7.1epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.

  • CVE-2020-9805HigJun 9, 2020
    risk 0.46cvss 7.1epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead…

  • CVE-2020-3912HigApr 1, 2020
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-3908HigApr 1, 2020
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-3907HigApr 1, 2020
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-3861HigFeb 27, 2020
    risk 0.46cvss 7.1epss 0.00

    The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system.

  • CVE-2020-3831HigFeb 27, 2020
    risk 0.46cvss 7.0epss 0.01

    A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2019-8606HigDec 18, 2019
    risk 0.46cvss 7.0epss 0.00

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions.

  • CVE-2019-8576HigDec 18, 2019
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2019-8545HigDec 18, 2019
    risk 0.46cvss 7.1epss 0.00

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2018-4434HigApr 3, 2019
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.

  • CVE-2017-7151HigApr 3, 2019
    risk 0.46cvss 7.0epss 0.01

    A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.

  • CVE-2018-4183HigJan 11, 2019
    risk 0.46cvss 8.2epss 0.00

    In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.

  • CVE-2018-4240MedJun 8, 2018
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service…

  • CVE-2018-4228HigJun 8, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.

  • CVE-2018-4167HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute…

  • CVE-2018-4166HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary…

  • CVE-2018-4158HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged…

  • CVE-2018-4157HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary…

  • CVE-2018-4156HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-4155HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute…

  • CVE-2018-4154HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-4152HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-4151HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-13850HigApr 3, 2018
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted…

  • CVE-2017-7154MedDec 27, 2017
    risk 0.46cvss 6.6epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of…

  • CVE-2017-13831HigNov 13, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.

  • CVE-2017-13820HigNov 13, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.

  • CVE-2015-3206HigAug 25, 2017
    risk 0.46cvss 8.1epss 0.02

    The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.

  • CVE-2017-2480MedApr 2, 2017
    risk 0.46cvss 6.5epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows…

  • CVE-2017-2479MedApr 2, 2017
    risk 0.46cvss 6.5epss 0.06

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows…

  • CVE-2017-2450HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information…

  • CVE-2017-2442MedApr 2, 2017
    risk 0.46cvss 6.5epss 0.06

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a…

  • CVE-2017-2439HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive…

  • CVE-2017-2409HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.

  • CVE-2017-2367MedApr 2, 2017
    risk 0.46cvss 6.5epss 0.06

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information…

  • CVE-2017-2371MedFeb 20, 2017
    risk 0.46cvss 6.5epss 0.06

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.

  • CVE-2017-2365MedFeb 20, 2017
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive…

  • CVE-2017-2364MedFeb 20, 2017
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

  • CVE-2017-2363MedFeb 20, 2017
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin…

  • CVE-2016-4743HigFeb 20, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive…

  • CVE-2016-4682HigFeb 20, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and…

  • CVE-2016-4660HigFeb 20, 2017
    risk 0.46cvss 7.1epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive…

Page 53 of 169