Apple Inc.

8,442 total · sorted by risk
  • CVE-2017-2497 · Med · May 22, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.

  • CVE-2017-2475 · Med · Apr 2, 2017
    risk 0.40 · cvss 6.1 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames…

  • CVE-2017-2393 · Med · Apr 2, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site.

  • CVE-2016-7762 · Med · Feb 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.

  • CVE-2016-7609 · Med · Feb 20, 2017
    risk 0.40 · cvss 6.2 · epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-7600 · Med · Feb 20, 2017
    risk 0.40 · cvss 6.2 · epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.

  • CVE-2016-4701 · Med · Sep 25, 2016
    risk 0.40 · cvss 6.2 · epss 0.00

    Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.

  • CVE-2016-4618 · Med · Sep 25, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

  • CVE-2016-4651 · Med · Jul 22, 2016
    risk 0.40 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)"…

  • CVE-2016-4585 · Med · Jul 22, 2016
    risk 0.40 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled…

  • CVE-2016-1760 · Med · Mar 29, 2016
    risk 0.40 · cvss 6.2 · epss 0.00

    The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.

  • CVE-2016-1941 · Med · Jan 31, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

  • CVE-2014-4406 · Med · Sep 19, 2014
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-28980 · hig · Jun 12, 2026
    risk 0.39 · cvss · epss 0.00

    Summary: The `HTTPDecoder` in `NIOHTTP1` enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all…

  • CVE-2026-43671 · hig · Jun 12, 2026
    risk 0.39 · cvss · epss 0.00

    Summary: A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding `UInt32.max` are passed to some `ByteBuffer` methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in…

  • CVE-2025-46310 · Med · Feb 11, 2026
    risk 0.39 · cvss 6.0 · epss 0.00

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete protected system files.

  • CVE-2025-43200 · Med · KEV · Jun 16, 2025
    risk 0.39 · cvss 4.2 · epss 0.01

    This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A…

  • CVE-2023-48795 · Med · Dec 18, 2023
    risk 0.39 · cvss 5.9 · epss 0.94

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2023-32369 · Med · Jun 23, 2023
    risk 0.39 · cvss 6.0 · epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

  • CVE-2022-43552 · Med · Feb 9, 2023
    risk 0.39 · cvss 5.9 · epss 0.03

    A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl…

  • CVE-2022-22616 · Med · May 26, 2022
    risk 0.39 · cvss 5.5 · epss 0.08

    This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

  • CVE-2021-30833 · Med · Oct 28, 2021
    risk 0.39 · cvss 5.5 · epss 0.43

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

  • CVE-2020-24722 · Med · Oct 7, 2020
    risk 0.39 · cvss 5.9 · epss 0.02

    An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack.…

  • CVE-2019-6209 · Med · Mar 5, 2019
    risk 0.39 · cvss 5.5 · epss 0.04

    An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory…

  • CVE-2019-6208 · Med · Mar 5, 2019
    risk 0.39 · cvss 5.5 · epss 0.03

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

  • CVE-2018-4090 · Med · Apr 3, 2018
    risk 0.39 · cvss 5.5 · epss 0.04

    An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read…

  • CVE-2017-13869 · Med · Dec 25, 2017
    risk 0.39 · cvss 5.5 · epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read…

  • CVE-2017-13868 · Med · Dec 25, 2017
    risk 0.39 · cvss 5.5 · epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read…

  • CVE-2017-13865 · Med · Dec 25, 2017
    risk 0.39 · cvss 5.5 · epss 0.04

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read…

  • CVE-2017-13855 · Med · Dec 25, 2017
    risk 0.39 · cvss 5.5 · epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read…

  • CVE-2017-13849 · Med · Nov 13, 2017
    risk 0.39 · cvss 5.5 · epss 0.04

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted…

  • CVE-2017-7088 · Med · Oct 23, 2017
    risk 0.39 · cvss 5.9 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of…

  • CVE-2017-7064 · Med · Jul 20, 2017
    risk 0.39 · cvss 5.5 · epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass…

  • CVE-2017-6982 · Med · May 22, 2017
    risk 0.39 · cvss 5.5 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.

  • CVE-2017-2509 · Med · May 22, 2017
    risk 0.39 · cvss 5.5 · epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-2489 · Med · Apr 2, 2017
    risk 0.39 · cvss 5.5 · epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

  • CVE-2017-2388 · Med · Apr 2, 2017
    risk 0.39 · cvss 5.5 · epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

  • CVE-2016-7608 · Med · Feb 20, 2017
    risk 0.39 · cvss 5.5 · epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

  • CVE-2016-1788 · Med · Mar 24, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.

  • CVE-2024-27256 · Med · Jan 27, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2024-54494 · Med · Dec 12, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An attacker may be able to create a read-only memory…

  • CVE-2024-54492 · Med · Dec 12, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

  • CVE-2024-44213 · Med · Oct 28, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker in a privileged network position may be able to leak sensitive user information.

  • CVE-2024-27823 · Med · Jul 29, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network…

  • CVE-2024-23277 · Med · Mar 8, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

  • CVE-2024-23218 · Med · Jan 23, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS…

  • CVE-2023-32427 · Med · Jul 28, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.

  • CVE-2023-23520 · Med · Feb 27, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.

  • CVE-2021-46841 · Med · Feb 27, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity.

  • CVE-2022-42818 · Med · Nov 1, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.
