VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2020-9860MedOct 27, 2020
    risk 0.35cvss 5.4epss 0.01

    A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

  • CVE-2020-3852MedOct 27, 2020
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.

  • CVE-2019-8858MedOct 27, 2020
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.

  • CVE-2019-8796MedOct 27, 2020
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.

  • CVE-2020-9787MedOct 22, 2020
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.

  • CVE-2020-9916MedOct 16, 2020
    risk 0.35cvss 5.3epss 0.01

    A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able…

  • CVE-2020-9835MedJun 9, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.

  • CVE-2020-9781MedApr 1, 2020
    risk 0.35cvss 5.3epss 0.01

    The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

  • CVE-2020-9777MedApr 1, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.

  • CVE-2020-9775MedApr 1, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.

  • CVE-2020-3916MedApr 1, 2020
    risk 0.35cvss 5.3epss 0.01

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.

  • CVE-2020-3890MedApr 1, 2020
    risk 0.35cvss 5.3epss 0.01

    The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.

  • CVE-2020-3874MedFeb 27, 2020
    risk 0.35cvss 5.3epss 0.01

    An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content.

  • CVE-2020-3869MedFeb 27, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera.

  • CVE-2019-8768MedDec 18, 2019
    risk 0.35cvss 5.3epss 0.02

    "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.

  • CVE-2019-8725MedDec 18, 2019
    risk 0.35cvss 5.3epss 0.01

    The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

  • CVE-2019-8711MedDec 18, 2019
    risk 0.35cvss 5.3epss 0.01

    A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.

  • CVE-2019-11070MedApr 10, 2019
    risk 0.35cvss 5.3epss 0.03

    WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are…

  • CVE-2018-4356MedApr 3, 2019
    risk 0.35cvss 5.3epss 0.01

    A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.

  • CVE-2018-4321MedApr 3, 2019
    risk 0.35cvss 5.3epss 0.01

    A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.

  • CVE-2018-4293MedApr 3, 2019
    risk 0.35cvss 5.3epss 0.01

    A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

  • CVE-2018-4279MedApr 3, 2019
    risk 0.35cvss 5.3epss 0.01

    An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.

  • CVE-2017-7147MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission…

  • CVE-2017-7146MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.

  • CVE-2017-7145MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.

  • CVE-2017-7142MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web…

  • CVE-2017-7141MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail…

  • CVE-2017-7140MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.

  • CVE-2017-7078MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.

  • CVE-2017-7006MedJul 20, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same…

  • CVE-2017-2414MedApr 2, 2017
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.

  • CVE-2017-2400MedApr 2, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache…

  • CVE-2017-2391MedApr 2, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass…

  • CVE-2016-4745MedSep 25, 2016
    risk 0.35cvss 5.3epss 0.02

    The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.

  • CVE-2016-4713MedSep 25, 2016
    risk 0.35cvss 5.3epss 0.01

    CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.

  • CVE-2016-4746MedSep 18, 2016
    risk 0.35cvss 5.3epss 0.02

    The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.

  • CVE-2016-4635MedJul 22, 2016
    risk 0.35cvss 5.3epss 0.01

    FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.

  • CVE-2016-4604MedJul 22, 2016
    risk 0.35cvss 5.4epss 0.01

    Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

  • CVE-2016-4590MedJul 22, 2016
    risk 0.35cvss 5.4epss 0.01

    WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1844MedMay 20, 2016
    risk 0.35cvss 5.3epss 0.02

    The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.

  • CVE-2016-1787MedMar 24, 2016
    risk 0.35cvss 5.3epss 0.02

    Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.

  • CVE-2016-1786MedMar 24, 2016
    risk 0.35cvss 5.4epss 0.01

    The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached…

  • CVE-2016-1776MedMar 24, 2016
    risk 0.35cvss 5.3epss 0.02

    Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.

  • CVE-2016-1774MedMar 24, 2016
    risk 0.35cvss 5.3epss 0.02

    The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks…

  • CVE-2016-0747MedFeb 15, 2016
    risk 0.35cvss 5.3epss 0.08

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

  • CVE-2016-1730MedFeb 1, 2016
    risk 0.35cvss 5.4epss 0.01

    WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.

  • CVE-2015-6563MedAug 24, 2015
    risk 0.35cvss 6.4epss 0.00

    The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the…

  • CVE-2015-4000LowMay 21, 2015
    risk 0.35cvss 3.7epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2025-46308MedJun 11, 2026
    risk 0.34cvss 5.3epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.

  • CVE-2026-28994MedMay 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position…

Page 89 of 170