Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-28962

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-11 May, 2026 | 20:07
Updated At-12 May, 2026 | 13:08
Rejected At-
Credits

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:11 May, 2026 | 20:07
Updated At:12 May, 2026 | 13:08
Rejected At:
â–¼CVE Numbering Authority (CNA)

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From 0 before 18.7.9 (custom)
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 0 before 26.5 (custom)
Vendor
Apple Inc.Apple
Product
visionOS
Versions
Affected
  • From 0 before 26.5 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AProcessing maliciously crafted web content may disclose sensitive user information
Type: N/A
CWE ID: N/A
Description: Processing maliciously crafted web content may disclose sensitive user information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/127110
N/A
https://support.apple.com/en-us/127111
N/A
https://support.apple.com/en-us/127115
N/A
https://support.apple.com/en-us/127120
N/A
Hyperlink: https://support.apple.com/en-us/127110
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127111
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127115
Resource: N/A
Hyperlink: https://support.apple.com/en-us/127120
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:11 May, 2026 | 21:18
Updated At:12 May, 2026 | 17:15

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 18.7.9(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions from 26.0(inclusive) to 26.5(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 18.7.9(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions from 26.0(inclusive) to 26.5(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 26.0(inclusive) to 26.5(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>visionos>>Versions before 26.5(exclusive)
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/127110product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127111product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127115product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/127120product-security@apple.com
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127110
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127111
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127115
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/127120
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

908Records found
CVE-2024-43485
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.94%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelvisual_studio_2022.netwindowsmacosMicrosoft Visual Studio 2022 version 17.8.NET 6.0PowerShell 7.5Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft Visual Studio 2022 version 17.11PowerShell 7.2PowerShell 7.4
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-43483
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.94%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2macoswindows_server_2022.net_frameworkwindows_11_23h2windows_10_21h2windows_10_1809linux_kernelvisual_studio_2022.netwindows_11_24h2windowswindows_10_22h2windows_11_22h2windows_server_2019windows_10_1607Microsoft .NET Framework 4.6.2Microsoft .NET Framework 4.6/4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.8Microsoft .NET Framework 3.5 AND 4.7.2.NET 6.0Microsoft .NET Framework 2.0 Service Pack 2Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft .NET Framework 3.5.1PowerShell 7.4Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2022 version 17.6PowerShell 7.2Microsoft Visual Studio 2022 version 17.11
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2022-38166
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.01%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.

Action-Not Available
Vendor-n/aF-Secure CorporationMicrosoft CorporationApple Inc.
Product-elements_endpoint_protectionmacoswindowsn/a
CWE ID-CWE-248
Uncaught Exception
CVE-2024-43499
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.82%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-27 Aug, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-visual_studio_2022linux_kernelmacos.netwindowsMicrosoft Visual Studio 2022 version 17.11Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10PowerShell 7.5.NET 9.0Microsoft Visual Studio 2022 version 17.8
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE ID-CWE-606
Unchecked Input for Loop Condition
CVE-2024-43484
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 79.12%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-.net_frameworkwindows_10_1809windows_11_23h2windows_server_2019windows_10_1607windows_server_2012.netwindows_server_2022windowswindows_11_24h2windows_server_2016windows_10_22h2windows_server_2022_23h2linux_kernelmacoswindows_11_22h2windows_10_1507visual_studio_2022windows_server_2008windows_11_21h2windows_10_21h2Microsoft .NET Framework 4.6.2Microsoft .NET Framework 4.6/4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.8Microsoft .NET Framework 3.5 AND 4.7.2.NET 6.0Microsoft .NET Framework 2.0 Service Pack 2Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft .NET Framework 3.5.1PowerShell 7.4Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2022 version 17.6PowerShell 7.2Microsoft Visual Studio 2022 version 17.11
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2022-3252
Matching Score-8
Assigner-Swift Project
ShareView Details
Matching Score-8
Assigner-Swift Project
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.26%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 18:45
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko (https://github.com/vojtarylko) and reported publicly on GitHub.

Action-Not Available
Vendor-Swift ProjectApple Inc.
Product-swift-nio-extrasSwiftNIO Extras
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-32790
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.71% / 82.46%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xtvosmacosiphone_osipadoswatchoswatchOSmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-32927
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.21%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-40856
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 32.83%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOStvOS
CVE-2004-0079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.28% / 84.78%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Action-Not Available
Vendor-bluecoatneoterisscolitestonesofttarantella4dsecurecomputingn/aApple Inc.HP Inc.Symantec CorporationDell Inc.VMware (Broadcom Inc.)Cisco Systems, Inc.Silicon Graphics, Inc.FreeBSD FoundationAvaya LLCCheck Point Software Technologies Ltd.Red Hat, Inc.OpenBSDNovellOpenSSLSun Microsystems (Oracle Corporation)
Product-sg200serverclusteraccess_registrarimanagerinstant_virtual_extranetstonebeat_webclustercontent_services_switch_11500enterprise_linuxopenservermds_9000hp-uxiosprovider-1edirectorycall_managermac_os_x_serverstonebeat_fullclusterlinuxpropackfreebsdintuity_audixstonegate_vpn_clientcrypto_accelerator_4000speed_technologies_litespeed_web_serverproxysggss_4490_global_site_selectorvsuenterprise_linux_desktopapache-based_web_serverstonebeat_securityclusterfirewall-1wbemgsx_serversg208ciscoworks_common_serviceswebnsstonegateconverged_communications_serverpix_firewallmac_os_xvpn-1application_and_content_networking_softwarefirewall_services_modulesg203sidewinderbsafe_ssl-jwebstaraaa_servertarantella_enterpriseokena_stormwatchsecure_content_acceleratoropenbsdcss_secure_content_accelerators8500threat_responseopensslciscoworks_common_management_foundationsg5s8700gss_4480_global_site_selectorpix_firewall_softwareclientless_vpn_gateway_4400cacheos_ca_sacss11000_content_services_switchs8300n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-40803
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-43375
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.45%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:35
Updated-02 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.

Action-Not Available
Vendor-Apple Inc.
Product-xcodeXcode
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43462
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.04%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:16
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2002-1372
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.33% / 91.75%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

Action-Not Available
Vendor-n/aApple Inc.Debian GNU/Linux
Product-debian_linuxmac_os_xcupsn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2025-43223
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 43.91%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:28
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43494
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.36%
||
7 Day CHG-0.01%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-visionoswatchosmacosiphone_osipadosmacOSwatchOSiOS and iPadOSvisionOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-44487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-94.45% / 99.99%
||
7 Day CHG+0.05%
Published-10 Oct, 2023 | 00:00
Updated-12 May, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Action-Not Available
Vendor-nghttp2akkaprojectcontourkonghqtraefikkazu-yamamotoistiocaddyserverenvoyproxyamazongrpclinecorpvarnish_cache_projectdenalinkerdopenrestyn/aApple Inc.Cisco Systems, Inc.Siemens AGEclipse Foundation AISBLF5, Inc.GoThe Apache Software FoundationMicrosoft CorporationFacebookJenkinsFedora ProjectThe IETF Administration LLC (IETF LLC)The Netty ProjectRed Hat, Inc.Debian GNU/LinuxNode.js (OpenJS Foundation)NetApp, Inc.
Product-nexus_9804nexus_9332d-h2rnexus_9372txnexus_9200istionexus_92160yc_switchfedoranexus_92160yc-xsiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwareenterprise_chat_and_email.netvisual_studio_2022windows_10_22h2node_healthcheck_operatornexus_36180yc-ropenshift_sandboxed_containersnexus_9500_4-slotnexus_93128tx_switchnexus_92300ycbig-ip_nextcost_managementjboss_enterprise_application_platformnexus_9200ycnexus_9332pqnexus_9396txproxygenultra_cloud_core_-_session_management_functionintegration_camel_kintegration_camel_for_spring_bootnexus_3064tazure_kubernetes_servicenexus_93180yc-fxcrosswork_zero_touch_provisioningbig-ip_analyticsnexus_3432d-snexus_93180yc-fx3secure_malware_analyticsopensearch_data_preppersecure_web_appliance_firmwareweb_terminalprime_infrastructurenexus_93180lc-ex_switchopenshift_container_platform_assisted_installercertification_for_red_hat_enterprise_linuxprime_cable_provisioningnexus_93108tc-fx-24connected_mobile_experiencesnexus_92300yc_switchprocess_automationexpresswayhttp_serverunified_attendant_console_advancedopenstack_platformnginx_plusnexus_93240yc-fx2nexus_3636c-rcryostatnexus_3100-zsingle_sign-onopenshift_distributed_tracingnexus_9736pqnexus_9272qnexus_3016qnexus_93108tc-ex-24unified_contact_center_domain_managernexus_9396tx_switchopenshift_developer_tools_and_servicesnexus_93128crosswork_situation_managernexus_93180yc-ex-24nexus_9332pq_switchwindows_server_2022nexus_31108pc-vopenshift_api_for_data_protectionopenshift_gitopsnexus_3132c-zsupport_for_spring_bootwindows_server_2016nexus_3016nexus_3132q-vopenshift_service_mesh3scale_api_management_platformnexus_3464cnexus_9500ropenshiftcaddynexus_3100-vnexus_3132qopenshift_secondary_scheduler_operatornexus_3064-32tnexus_31108tc-varmeriagomigration_toolkit_for_containersbuild_of_optaplannernexus_3232nexus_9372pxbig-ip_websafenexus_9500_supervisor_anexus_9348gc-fxpultra_cloud_core_-_serving_gateway_functionnexus_3172tqnexus_9504windows_10_21h2nexus_3064xnexus_3232cnexus_9636pqnexus_3400jettyansible_automation_platformnexus_9500_supervisor_bnexus_9372tx-ewindows_10_1809nexus_3524-xlnexus_3408-snexus_3172tq-32tnexus_93180tc-exnexus_9516nexus_3524-xnexus_3264c-enexus_3172pqnexus_3172pq\/pq-xlnexus_9336pqastra_control_centernexus_9364c-gxnexus_9336c-fx2simatic_s7-1500_cpu_1518-4_pn\/dpnexus_9236cnexus_9536pqnexus_9236c_switchnexus_93180yc-fx-24nexus_31128pqnetwork_observability_operatorbig-ip_application_security_managerprime_access_registrarswiftnio_http\/2linkerdios_xewindows_11_22h2nexus_9500_supervisor_b\+nexus_9364d-gx2adecision_managerbig-ip_policy_enforcement_managerquaynexus_3264qbusiness_process_automationnexus_3100vsecure_dynamic_attributes_connectornexus_9372tx_switchnexus_9500_supervisor_a\+machine_deletion_remediation_operatornode.jssatellitenexus_9348d-gx2abig-ip_domain_name_systemnexus_3064nexus_9372px-e_switchbig-ip_link_controllernexus_93108tc-ex_switchhttpbig-ip_advanced_firewall_managerprime_network_registrarcert-manager_operator_for_red_hat_openshiftnexus_9432pqtraefikbuild_of_quarkusnexus_3524self_node_remediation_operatorcrosswork_data_gatewaycontournode_maintenance_operatorcbl-marinernexus_9716d-gxsinec_insh2onexus_9332d-gx2bnexus_9372px_switchapisixjboss_core_servicesnexus_9500_16-slotsimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwareoncommand_insightnexus_9372px-enexus_9336pq_aci_spinenexus_3548-xnexus_9221cnexus_9272q_switchnexus_93108tc-fxfirepower_threat_defensebig-ip_fraud_protection_servicewindows_server_2019migration_toolkit_for_virtualizationvarnish_cacheunified_contact_center_enterprisenexus_93108tc-fx3hnexus_93240tc-fx2asp.net_coretelepresence_video_communication_servernexus_93216tc-fx2nexus_3100traffic_servernexus_3064-xnexus_9348gc-fx3nexus_9332cbig-ip_application_visibility_and_reportingnexus_3132q-x\/3132q-xltomcatwindows_10_1607simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwarenexus_3172tq-xlnexus_3548-xlnexus_9336pq_aci_spine_switchsiplus_s7-1500_cpu_1518-4_pn\/dp_mfpnexus_3164qdebian_linuxnexus_9396px_switchnexus_9396pxlogging_subsystem_for_red_hat_openshiftnexus_9364cbig-ip_webacceleratoropenshift_serverlessnetworkingnexus_9500big-ip_ssl_orchestratornexus_93180yc-ex_switchnexus_9508nexus_3132q-xnexus_93120txnexus_3132q-xlnexus_9408ruggedcom_ape1808_firmwarenexus_34180ycnexus_93180yc-fx3snx-osnexus_93180lc-exunified_contact_center_management_portalnexus_92304qc_switchdata_center_network_manageropenrestynexus_92348gc-xbig-ip_application_acceleration_manageropenshift_virtualizationnexus_93108tc-fx3pnexus_93360yc-fx2nexus_3172pq-xlnexus_31108pv-vgrpcnexus_93128txnexus_3064-tadvanced_cluster_management_for_kubernetesbig-ip_advanced_web_application_firewallenvoynexus_3232c_big-ip_global_traffic_managernginxfence_agents_remediation_operatorjboss_data_gridios_xrfog_directorsimatic_s7-1500_cpu_1518f-4_pn\/dp_mfpbig-ip_carrier-grade_natnexus_9300windows_11_21h2secure_web_applianceintegration_service_registryhttp2openshift_dev_spacesbig-ip_ddos_hybrid_defendernexus_93180yc-fx3hservice_interconnectnghttp2openshift_data_sciencest7_scadaconnectnexus_93120tx_switchbig-ip_local_traffic_managerbig-ip_access_policy_managerjboss_fuseopenshift_container_platformopenshift_pipelinesnexus_3048nexus_9508_switchnettynexus_9336c-fx2-enexus_93600cd-gxnexus_34200yc-smnexus_9516_switchceph_storagenexus_3600jboss_a-mqrun_once_duration_override_operatornexus_9000vnexus_3172nexus_3500sinec_nmsruggedcom_ape1808nexus_9336pq_acinexus_9316d-gxnexus_9800kong_gatewayadvanced_cluster_securitynexus_3548-x\/xlunified_contact_center_enterprise_-_live_data_serverultra_cloud_core_-_policy_control_functionbig-ip_next_service_proxy_for_kubernetesnexus_9232enexus_9808jboss_a-mq_streamsnexus_92304qciot_field_network_directornexus_9500_8-slotmigration_toolkit_for_applicationsnexus_3200solrjenkinsnginx_ingress_controllernexus_93180yc-exnexus_9372tx-e_switchnexus_93108tc-exnexus_9504_switchnexus_3524-x\/xlnexus_3548service_telemetry_frameworkenterprise_linuxn/aRUGGEDCOM APE1808SINEC NMSSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPhttpHTTP/2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-28872
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-iOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-28908
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-28944
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28848
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28986
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28846
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-43661
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28991
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-32203
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.73%
||
7 Day CHG+0.11%
Published-14 Apr, 2026 | 16:58
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, Inc
Product-visual_studio_2026.netwindowsmacosvisual_studio_2022linux_kernelMicrosoft Visual Studio 2022 version 17.12.NET 8.0Microsoft Visual Studio 2022 version 17.14.NET 9.0.NET 10.0Microsoft Visual Studio 2026 version 18.4
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2026-33116
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 79.57%
||
7 Day CHG+0.48%
Published-14 Apr, 2026 | 16:57
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, Inc
Product-windows_10_21h2windows_11_22h2macoswindows_11_23h2.netlinux_kernelwindows_server_2012windows_10_22h2windows_server_2022windows_10_1809windows_server_2025windows_10_1607.net_frameworkwindows_11_26h1windowswindows_11_24h2windows_server_2022_23h2windows_11_25h2.NET 8.0.NET 9.0.NET 10.0Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-30924
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.48%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:50
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacosmacOS
CVE-2021-30715
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 71.01%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CVE-2021-30698
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.63%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacossafariipadosmacOSiOS and iPadOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-24668
Matching Score-8
Assigner-Swift Project
ShareView Details
Matching Score-8
Assigner-Swift Project
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.71%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.

Action-Not Available
Vendor-Swift ProjectApple Inc.
Product-swiftnio_http\/2SwiftNIO HTTP2
CWE ID-CWE-241
Improper Handling of Unexpected Data Type
CVE-2025-31208
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.43%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-30471
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.89%
||
7 Day CHG-0.51%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-31237
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.23%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-31240
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.23%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1761
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.09% / 78.09%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:19
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_oswatchostvosmac_os_xmacosmacOSiOS and iPadOS
CVE-2021-1764
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.09% / 78.09%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:55
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2025-24224
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.51%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-24177
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOSiPadOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-24120
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 24.86%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-9869
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.53%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 17:54
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9917
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.53%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:48
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS
CVE-2020-9827
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.82% / 74.50%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:14
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CVE-2020-9905
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.21% / 79.12%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:04
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvosmac_os_xipadostvOSmacOSiOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-9840
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.26%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 19:35
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.

Action-Not Available
Vendor-SwiftApple Inc.
Product-nioextrasSwiftNIO Extras
CVE-2020-9924
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.53%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:05
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CVE-2020-9914
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.21%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:46
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvostvOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9991
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.14% / 84.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 21:11
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xicloudwatchOSiCloud for WindowsmacOStvOSiOS and iPadOS
CVE-2020-9931
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.30%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:50
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9826
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.70%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:14
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xipadosmacOSiOS
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found