VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,436 total · sorted by risk
  • CVE-2016-4776HigSep 25, 2016
    risk 0.46cvss 7.1epss 0.01

    The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…

  • CVE-2016-4774HigSep 25, 2016
    risk 0.46cvss 7.1epss 0.01

    The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…

  • CVE-2016-4773HigSep 25, 2016
    risk 0.46cvss 7.1epss 0.01

    The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and…

  • CVE-2016-4639HigJul 22, 2016
    risk 0.46cvss 7.0epss 0.00

    Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.

  • CVE-2016-1762HigMar 24, 2016
    risk 0.46cvss 8.1epss 0.06

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2025-31228MedMay 12, 2025
    risk 0.44cvss 6.8epss 0.00

    The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.

  • CVE-2025-24272MedMar 31, 2025
    risk 0.44cvss 6.8epss 0.01

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system.

  • CVE-2024-27878MedJul 29, 2024
    risk 0.44cvss 6.7epss 0.00

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2024-23234MedMar 8, 2024
    risk 0.44cvss 6.7epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2023-41989MedOct 25, 2023
    risk 0.44cvss 6.8epss 0.01

    The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.

  • CVE-2023-41988MedOct 25, 2023
    risk 0.44cvss 6.8epss 0.01

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2023-27933MedMay 8, 2023
    risk 0.44cvss 6.7epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-42830MedNov 1, 2022
    risk 0.44cvss 6.7epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-42829MedNov 1, 2022
    risk 0.44cvss 6.7epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-32926MedNov 1, 2022
    risk 0.44cvss 6.7epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-32832MedSep 23, 2022
    risk 0.44cvss 6.7epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with…

  • CVE-2018-4478MedDec 23, 2021
    risk 0.44cvss 6.8epss 0.00

    A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

  • CVE-2017-13907MedDec 23, 2021
    risk 0.44cvss 6.8epss 0.00

    A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.

  • CVE-2021-30721MedSep 8, 2021
    risk 0.44cvss 6.5epss 0.24

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.

  • CVE-2021-30863MedAug 24, 2021
    risk 0.44cvss 6.8epss 0.00

    This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 15 and iPadOS 15. A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID.

  • CVE-2019-8569MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra.…

  • CVE-2019-8534MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary…

  • CVE-2019-8528MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel…

  • CVE-2019-8525MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update…

  • CVE-2020-9810MedOct 22, 2020
    risk 0.44cvss 6.8epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window.

  • CVE-2020-9946MedOct 16, 2020
    risk 0.44cvss 6.8epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period.

  • CVE-2019-8760MedDec 18, 2019
    risk 0.44cvss 6.8epss 0.00

    This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

  • CVE-2018-5383MedAug 7, 2018
    risk 0.44cvss 6.8epss 0.01

    Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a…

  • CVE-2017-7070MedApr 3, 2018
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid.

  • CVE-2017-6975MedApr 5, 2017
    risk 0.44cvss 6.8epss 0.01

    Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there…

  • CVE-2016-7585MedApr 2, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.

  • CVE-2017-2361MedFeb 20, 2017
    risk 0.44cvss 6.1epss 0.17

    An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

  • CVE-2016-7601MedFeb 20, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.

  • CVE-2016-4781MedFeb 20, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.

  • CVE-2016-4690MedFeb 20, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.

  • CVE-2016-4763MedSep 25, 2016
    risk 0.44cvss 6.8epss 0.01

    WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2016-1840HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.03

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2016-1834HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.05

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2016-1734MedMar 24, 2016
    risk 0.44cvss 6.8epss 0.01

    AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.

  • CVE-2015-7024MedJan 11, 2016
    risk 0.44cvss 6.7epss 0.00

    Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.

  • CVE-2025-24198MedMar 31, 2025
    risk 0.43cvss 6.6epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive…

  • CVE-2024-54502MedDec 12, 2024
    risk 0.43cvss 6.5epss 0.14

    The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2022-32816MedSep 23, 2022
    risk 0.43cvss 6.5epss 0.06

    The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.

  • CVE-2020-8285HigDec 14, 2020
    risk 0.43cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2014-8128MedFeb 12, 2020
    risk 0.43cvss 6.5epss 0.04

    LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

  • CVE-2019-8690MedDec 18, 2019
    risk 0.43cvss 6.1epss 0.05

    A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6.…

  • CVE-2019-8649MedDec 18, 2019
    risk 0.43cvss 6.1epss 0.05

    A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6.…

  • CVE-2018-4117MedApr 3, 2018
    risk 0.43cvss 6.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit"…

  • CVE-2017-7089MedOct 23, 2017
    risk 0.43cvss 6.1epss 0.06

    An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web…

  • CVE-2017-2528MedMay 22, 2017
    risk 0.43cvss 6.1epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with…

Page 54 of 169