Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
Max CVSS
5.9
EPSS Score
0.45%
Published
2016-03-24
Updated
2016-12-03
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
Max CVSS
5.9
EPSS Score
0.18%
Published
2019-01-11
Updated
2019-01-17
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
Max CVSS
5.9
EPSS Score
0.12%
Published
2017-02-20
Updated
2017-02-21
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
Max CVSS
5.9
EPSS Score
0.10%
Published
2017-02-20
Updated
2017-02-21
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
Max CVSS
5.9
EPSS Score
0.23%
Published
2016-09-18
Updated
2017-08-13
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
Max CVSS
5.9
EPSS Score
0.21%
Published
2017-02-20
Updated
2019-03-25
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
Max CVSS
5.9
EPSS Score
0.69%
Published
2017-02-20
Updated
2018-10-30
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
Max CVSS
5.9
EPSS Score
0.17%
Published
2019-01-11
Updated
2019-01-17
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.
Max CVSS
5.9
EPSS Score
0.10%
Published
2017-04-02
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
Max CVSS
5.9
EPSS Score
0.18%
Published
2017-04-02
Updated
2019-03-08
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.
Max CVSS
5.9
EPSS Score
0.07%
Published
2018-04-03
Updated
2019-03-08
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
Max CVSS
5.9
EPSS Score
0.30%
Published
2017-12-25
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.
Max CVSS
5.9
EPSS Score
0.09%
Published
2018-04-03
Updated
2018-05-04
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
Max CVSS
5.9
EPSS Score
0.91%
Published
2018-04-03
Updated
2018-05-04
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
Max CVSS
5.9
EPSS Score
0.22%
Published
2018-04-03
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
Max CVSS
5.9
EPSS Score
0.16%
Published
2018-06-08
Updated
2019-10-03
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Max CVSS
5.9
EPSS Score
0.69%
Published
2019-04-03
Updated
2019-04-04
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.
Max CVSS
5.9
EPSS Score
0.12%
Published
2019-04-03
Updated
2019-10-03
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Max CVSS
5.9
EPSS Score
0.28%
Published
2020-10-16
Updated
2023-01-09
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.
Max CVSS
5.9
EPSS Score
0.95%
Published
2021-09-08
Updated
2023-01-09
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
Max CVSS
5.9
EPSS Score
0.42%
Published
2021-02-16
Updated
2023-01-09
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
Max CVSS
5.9
EPSS Score
0.15%
Published
2023-02-27
Updated
2023-07-27
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
Max CVSS
5.9
EPSS Score
0.15%
Published
2024-01-23
Updated
2024-03-13
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.
Max CVSS
5.9
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-03-14
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
Max CVSS
5.8
EPSS Score
0.54%
Published
2009-08-12
Updated
2022-08-09
532 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!