VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2026-28838MedMar 25, 2026
    risk 0.34cvss 5.3epss 0.00

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.

  • CVE-2026-20676MedFeb 11, 2026
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

  • CVE-2026-20673MedFeb 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews.

  • CVE-2025-43481MedNov 4, 2025
    risk 0.34cvss 5.2epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-43444MedNov 4, 2025
    risk 0.34cvss 5.3epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.

  • CVE-2025-43332MedSep 15, 2025
    risk 0.34cvss 5.2epss 0.00

    A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.

  • CVE-2025-43308MedSep 15, 2025
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.

  • CVE-2025-43276MedJul 30, 2025
    risk 0.34cvss 5.3epss 0.00

    A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.

  • CVE-2025-31276MedJul 30, 2025
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.

  • CVE-2025-24140MedJan 27, 2025
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied.

  • CVE-2024-54518MedJan 27, 2025
    risk 0.34cvss 5.3epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

  • CVE-2024-54488MedJan 27, 2025
    risk 0.34cvss 5.3epss 0.00

    A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.

  • CVE-2024-44212MedDec 12, 2024
    risk 0.34cvss 5.3epss 0.00

    A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.

  • CVE-2024-44202MedSep 17, 2024
    risk 0.34cvss 5.3epss 0.01

    An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

  • CVE-2024-44127MedSep 17, 2024
    risk 0.34cvss 5.3epss 0.01

    This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

  • CVE-2024-40862MedSep 17, 2024
    risk 0.34cvss 5.3epss 0.00

    A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.

  • CVE-2024-40852MedSep 17, 2024
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.

  • CVE-2024-40865MedSep 6, 2024
    risk 0.34cvss 5.3epss 0.00

    The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.

  • CVE-2022-32933MedJun 10, 2024
    risk 0.34cvss 5.3epss 0.00

    An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.

  • CVE-2023-42836MedFeb 21, 2024
    risk 0.34cvss 5.3epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.

  • CVE-2023-34352MedSep 6, 2023
    risk 0.34cvss 5.3epss 0.01

    A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

  • CVE-2023-23494MedMay 8, 2023
    risk 0.34cvss 5.3epss 0.01

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service.

  • CVE-2022-32906MedFeb 27, 2023
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections.

  • CVE-2020-9846MedFeb 27, 2023
    risk 0.34cvss 5.3epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.

  • CVE-2022-32833MedDec 15, 2022
    risk 0.34cvss 5.3epss 0.01

    An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

  • CVE-2022-32859MedNov 1, 2022
    risk 0.34cvss 5.3epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.

  • CVE-2022-32861MedSep 20, 2022
    risk 0.34cvss 5.3epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

  • CVE-2021-1837MedSep 8, 2021
    risk 0.34cvss 5.3epss 0.00

    A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic.

  • CVE-2021-30998MedAug 24, 2021
    risk 0.34cvss 5.3epss 0.01

    A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a…

  • CVE-2019-8667MedDec 18, 2019
    risk 0.34cvss 5.3epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.

  • CVE-2016-7651MedFeb 20, 2017
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.

  • CVE-2016-4748MedSep 25, 2016
    risk 0.34cvss 5.3epss 0.00

    Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.

  • CVE-2025-43311MedSep 15, 2025
    risk 0.33cvss 5.1epss 0.00

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.

  • CVE-2025-43262MedSep 15, 2025
    risk 0.33cvss 5.1epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.

  • CVE-2025-43266MedJul 30, 2025
    risk 0.33cvss 5.1epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.

  • CVE-2025-43260MedJul 30, 2025
    risk 0.33cvss 5.1epss 0.00

    This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps.

  • CVE-2025-30434MedMar 31, 2025
    risk 0.33cvss 5.0epss 0.00

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack.

  • CVE-2025-24248MedMar 31, 2025
    risk 0.33cvss 5.0epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.

  • CVE-2025-24203MedMar 31, 2025
    risk 0.33cvss 5.0epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.

  • CVE-2025-24097MedMar 31, 2025
    risk 0.33cvss 5.0epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.

  • CVE-2025-24099MedJan 30, 2025
    risk 0.33cvss 5.1epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local attacker may be able to elevate their privileges.

  • CVE-2024-54510MedDec 12, 2024
    risk 0.33cvss 5.1epss 0.00

    A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state.

  • CVE-2022-32875MedNov 1, 2022
    risk 0.33cvss 5.0epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information.

  • CVE-2021-1865MedSep 8, 2021
    risk 0.33cvss 5.0epss 0.01

    An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

  • CVE-2018-4304MedApr 3, 2019
    risk 0.33cvss 5.0epss 0.01

    A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

  • CVE-2014-3566LowOct 15, 2014
    risk 0.33cvss 3.4epss 1.00

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-2026-28967MedMay 11, 2026
    risk 0.32cvss 4.9epss 0.00

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.

  • CVE-2025-43504MedNov 4, 2025
    risk 0.32cvss 4.9epss 0.00

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.

  • CVE-2023-42955MedMay 14, 2024
    risk 0.32cvss 4.9epss 0.00

    Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role…

  • CVE-2021-22947MedSep 29, 2021
    risk 0.32cvss 5.9epss 0.03

    When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached…

Page 90 of 170