VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,443 total · sorted by risk
  • CVE-2018-4116MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2018-4113MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves…

  • CVE-2018-4107MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.

  • CVE-2018-4102MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-2493MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin…

  • CVE-2017-7158MedDec 27, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.

  • CVE-2017-13790MedNov 13, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-13789MedNov 13, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-7106MedOct 23, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar.

  • CVE-2017-7085MedOct 23, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.

  • CVE-2017-7060MedJul 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site.

  • CVE-2017-7011MedJul 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.

  • CVE-2017-2517MedJul 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-2511MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-2495MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly…

  • CVE-2017-2486MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-2453MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site.

  • CVE-2017-2424MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a…

  • CVE-2017-2418MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.

  • CVE-2017-2386MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information…

  • CVE-2017-2359MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-2350MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive…

  • CVE-2016-7627MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and…

  • CVE-2016-7623MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.

  • CVE-2016-7599MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin…

  • CVE-2016-7598MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive…

  • CVE-2016-7591MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a…

  • CVE-2016-7586MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive…

  • CVE-2016-7580MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.

  • CVE-2016-4613MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive…

  • CVE-2016-4760MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

  • CVE-2016-4758MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

  • CVE-2016-4718MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.03

    Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.

  • CVE-2016-4646MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.

  • CVE-2016-4605MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.

  • CVE-2016-4592MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

  • CVE-2016-4587MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

  • CVE-2016-1858MedMay 20, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

  • CVE-2016-1811MedMay 20, 2016
    risk 0.42cvss 6.5epss 0.02

    ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

  • CVE-2016-1785MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.02

    The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

  • CVE-2016-1784MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.01

    The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.

  • CVE-2016-1782MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.

  • CVE-2016-1779MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.03

    WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.

  • CVE-2016-1771MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.02

    The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.

  • CVE-2016-1770MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.01

    The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.

  • CVE-2012-3489MedOct 3, 2012
    risk 0.42cvss 6.5epss 0.03

    The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file…

  • CVE-2009-5078MedJun 30, 2011
    risk 0.42cvss 6.5epss 0.02

    contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

  • CVE-2010-2249MedJun 30, 2010
    risk 0.42cvss 6.5epss 0.03

    Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

  • CVE-2010-1637MedJun 22, 2010
    risk 0.42cvss 6.5epss 0.03

    The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

  • CVE-2009-2416MedAug 11, 2009
    risk 0.42cvss 6.5epss 0.02

    Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as…

Page 61 of 169