Filtered by vendor Apple
Subscriptions
Total
12472 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32882 | 1 Apple | 1 Macos | 2025-05-27 | 9.8 Critical |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-32861 | 1 Apple | 2 Macos, Safari | 2025-05-27 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. | ||||
| CVE-2023-42908 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-42884 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-27 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | ||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | 5.5 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | ||||
| CVE-2022-32814 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-27 | 7.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-29181 | 3 Apple, Nokogiri, Redhat | 4 Macos, Nokogiri, Satellite and 1 more | 2025-05-27 | 8.2 High |
| Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. | ||||
| CVE-2021-3187 | 2 Apple, Beyondtrust | 2 Mac Os X, Privilege Management For Mac | 2025-05-27 | 8.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) | ||||
| CVE-2025-24274 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-24225 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | 6.5 Medium |
| An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing. | ||||
| CVE-2025-24258 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges. | ||||
| CVE-2025-30442 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges. | ||||
| CVE-2025-30436 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | 9.1 Critical |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls. | ||||
| CVE-2025-24223 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2025-05-27 | 8 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-30448 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-27 | 9.1 Critical |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication. | ||||
| CVE-2025-30453 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-31195 | 1 Apple | 1 Macos | 2025-05-27 | 6.3 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. | ||||
| CVE-2025-31196 | 1 Apple | 2 Ipados, Macos | 2025-05-27 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. | ||||
| CVE-2025-31204 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2025-05-27 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-31205 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2025-05-27 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin. | ||||