An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.
Max CVSS
9.8
EPSS Score
0.23%
Published
2019-03-04
Updated
2020-08-24
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Max CVSS
9.8
EPSS Score
0.40%
Published
2022-12-05
Updated
2024-03-27
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.
Max CVSS
9.3
EPSS Score
0.07%
Published
2018-06-08
Updated
2019-10-03
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
9.3
EPSS Score
0.13%
Published
2022-03-18
Updated
2022-03-28
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Max CVSS
9.1
EPSS Score
46.78%
Published
2017-07-13
Updated
2021-06-06
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Max CVSS
8.1
EPSS Score
0.28%
Published
2019-04-03
Updated
2019-04-08
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-10-27
Updated
2021-07-21
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.12%
Published
2021-09-08
Updated
2022-06-28
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.30%
Published
2016-05-14
Updated
2016-05-19
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.44%
Published
2016-05-20
Updated
2019-03-25
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
Max CVSS
7.5
EPSS Score
0.23%
Published
2016-05-20
Updated
2016-12-02
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.65%
Published
2020-02-03
Updated
2020-02-05
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
Max CVSS
7.5
EPSS Score
0.32%
Published
2016-09-25
Updated
2017-07-30
An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.20%
Published
2017-04-02
Updated
2017-07-12
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
Max CVSS
7.5
EPSS Score
0.33%
Published
2017-10-23
Updated
2019-03-08
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.
Max CVSS
7.5
EPSS Score
0.41%
Published
2017-10-23
Updated
2019-03-08
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
Max CVSS
7.5
EPSS Score
0.37%
Published
2017-10-04
Updated
2019-03-08
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
Max CVSS
7.5
EPSS Score
0.20%
Published
2018-04-03
Updated
2018-05-04
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
Max CVSS
7.5
EPSS Score
0.37%
Published
2019-01-11
Updated
2019-03-08
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-01-11
Updated
2019-02-01
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-01-11
Updated
2020-08-24
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
Max CVSS
7.5
EPSS Score
0.22%
Published
2018-06-08
Updated
2019-03-08
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-12-18
Updated
2019-12-20
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.
Max CVSS
7.5
EPSS Score
0.26%
Published
2019-12-18
Updated
2019-12-20
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
7.1
EPSS Score
0.33%
Published
2009-01-15
Updated
2017-08-08
431 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!