VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2016-4752MedSep 25, 2016
    risk 0.36cvss 5.5epss 0.01

    The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.

  • CVE-2016-4742MedSep 25, 2016
    risk 0.36cvss 5.5epss 0.01

    NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.

  • CVE-2016-4706MedSep 25, 2016
    risk 0.36cvss 5.5epss 0.00

    cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.

  • CVE-2016-4719MedSep 18, 2016
    risk 0.36cvss 5.5epss 0.01

    The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.

  • CVE-2016-7153MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2016-7152MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2016-4649MedJul 22, 2016
    risk 0.36cvss 5.5epss 0.00

    Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-4648MedJul 22, 2016
    risk 0.36cvss 5.5epss 0.00

    Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2016-4628MedJul 22, 2016
    risk 0.36cvss 5.5epss 0.00

    IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2016-1865MedJul 22, 2016
    risk 0.36cvss 5.5epss 0.00

    The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-1814MedMay 20, 2016
    risk 0.36cvss 5.5epss 0.01

    IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

  • CVE-2016-1807MedMay 20, 2016
    risk 0.36cvss 5.1epss 0.01

    Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

  • CVE-2016-1802MedMay 20, 2016
    risk 0.36cvss 5.5epss 0.01

    CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

  • CVE-2016-1789MedApr 5, 2016
    risk 0.36cvss 5.5epss 0.01

    Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2016-1752MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.01

    The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.

  • CVE-2016-1745MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.00

    IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-1732MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.00

    AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2014-4373MedSep 18, 2014
    risk 0.36cvss 5.5epss 0.01

    The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

  • CVE-2014-4364MedSep 18, 2014
    risk 0.36cvss 5.6epss 0.01

    The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the…

  • CVE-2009-0141MedFeb 13, 2009
    risk 0.36cvss 5.5epss 0.00

    XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

  • CVE-2026-28819MedMay 11, 2026
    risk 0.35cvss 5.4epss 0.07

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2026-28909MedApr 30, 2026
    risk 0.35cvss 6.5epss 0.00

    Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.

  • CVE-2025-43495MedNov 4, 2025
    risk 0.35cvss 5.4epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission.

  • CVE-2025-31254MedSep 15, 2025
    risk 0.35cvss 5.4epss 0.00

    This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.

  • CVE-2025-31241MedMay 12, 2025
    risk 0.35cvss 5.3epss 0.01

    A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app…

  • CVE-2025-24271MedApr 29, 2025
    risk 0.35cvss 5.4epss 0.00

    An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac…

  • CVE-2023-42981MedApr 11, 2025
    risk 0.35cvss 5.4epss 0.00

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.

  • CVE-2025-30428MedMar 31, 2025
    risk 0.35cvss 5.4epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.

  • CVE-2024-54466MedDec 12, 2024
    risk 0.35cvss 5.3epss 0.01

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the password.

  • CVE-2024-44246MedDec 12, 2024
    risk 0.35cvss 5.3epss 0.01

    The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the…

  • CVE-2024-44296MedOct 28, 2024
    risk 0.35cvss 5.4epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy…

  • CVE-2024-44229MedOct 28, 2024
    risk 0.35cvss 5.3epss 0.01

    An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history.

  • CVE-2024-40796MedJul 29, 2024
    risk 0.35cvss 5.3epss 0.01

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.

  • CVE-2024-40794MedJul 29, 2024
    risk 0.35cvss 5.3epss 0.01

    This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.

  • CVE-2024-27881MedJul 29, 2024
    risk 0.35cvss 5.3epss 0.01

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts.

  • CVE-2024-24787MedMay 8, 2024
    risk 0.35cvss 6.4epss 0.01

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

  • CVE-2023-42923MedDec 12, 2023
    risk 0.35cvss 5.3epss 0.01

    This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication.

  • CVE-2023-42846MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

  • CVE-2023-42845MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.

  • CVE-2023-40408MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.

  • CVE-2023-40417MedSep 27, 2023
    risk 0.35cvss 5.4epss 0.01

    A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

  • CVE-2023-32370MedSep 6, 2023
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.

  • CVE-2022-32943MedDec 15, 2022
    risk 0.35cvss 5.3epss 0.01

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.

  • CVE-2022-32938MedNov 1, 2022
    risk 0.35cvss 5.3epss 0.01

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.

  • CVE-2022-32928MedNov 1, 2022
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials.

  • CVE-2022-26725MedMay 26, 2022
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector.

  • CVE-2021-30667MedSep 8, 2021
    risk 0.35cvss 5.4epss 0.00

    A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism.

  • CVE-2021-30720MedSep 8, 2021
    risk 0.35cvss 5.4epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

  • CVE-2021-30930MedAug 24, 2021
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. An attacker may be able to track users through their IP address.

  • CVE-2021-30904MedAug 24, 2021
    risk 0.35cvss 5.3epss 0.01

    A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage.

Page 88 of 170