Total
3262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4194 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-4404 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-01-23 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2018-4330 | 1 Apple | 1 Iphone Os | 2019-01-23 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2016-4643 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. | |||||
| CVE-2016-4644 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. | |||||
| CVE-2016-4642 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. | |||||
| CVE-2017-13891 | 1 Apple | 1 Iphone Os | 2019-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. | |||||
| CVE-2016-7576 | 1 Apple | 1 Iphone Os | 2019-01-17 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. | |||||
| CVE-2017-13888 | 1 Apple | 1 Iphone Os | 2019-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| In iOS before 11.2, a type confusion issue was addressed with improved memory handling. | |||||
| CVE-2017-2411 | 1 Apple | 1 Iphone Os | 2019-01-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. | |||||
| CVE-2018-4147 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-01-17 | 6.8 MEDIUM | 9.8 CRITICAL |
| In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. | |||||
| CVE-2018-4189 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2019-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2017-8248 | 1 Apple | 1 Iphone Os | 2018-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. | |||||
| CVE-2012-0646 | 1 Apple | 1 Iphone Os | 2018-11-29 | 9.3 HIGH | N/A |
| Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | |||||
| CVE-2012-0641 | 1 Apple | 1 Iphone Os | 2018-11-29 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. | |||||
| CVE-2012-0633 | 1 Apple | 2 Iphone Os, Itunes | 2018-11-29 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | |||||
| CVE-2012-0635 | 1 Apple | 2 Iphone Os, Itunes | 2018-11-29 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | |||||
| CVE-2012-0645 | 1 Apple | 1 Iphone Os | 2018-11-29 | 1.2 LOW | N/A |
| Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. | |||||
| CVE-2012-0591 | 1 Apple | 2 Iphone Os, Itunes | 2018-11-29 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | |||||
| CVE-2012-0644 | 1 Apple | 1 Iphone Os | 2018-11-29 | 6.9 MEDIUM | N/A |
| Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | |||||