CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-9506 310 2019-08-14 2019-08-28
4.8
None Local Network Low Not required Partial Partial None
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
2 CVE-2019-8906 125 2019-02-18 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
3 CVE-2018-20506 190 Exec Code Overflow 2019-04-03 2019-06-19
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
4 CVE-2018-20505 89 DoS Sql 2019-04-03 2019-06-19
5.0
None Remote Low Not required None None Partial
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
5 CVE-2018-18313 125 2018-12-07 2019-09-06
6.4
None Remote Low Not required Partial None Partial
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
6 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2019-08-06
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
7 CVE-2018-5383 347 2018-08-07 2019-10-02
4.3
None Local Network Medium Not required Partial Partial None
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
8 CVE-2018-4470 254 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
9 CVE-2018-4462 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
10 CVE-2018-4460 20 DoS 2019-04-03 2019-04-09
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
11 CVE-2018-4435 20 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
12 CVE-2018-4434 125 2019-04-03 2019-04-05
6.6
None Local Low Not required Complete None Complete
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
13 CVE-2018-4431 200 +Info 2019-04-03 2019-04-05
4.9
None Local Low Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
14 CVE-2018-4423 20 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.
15 CVE-2018-4418 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
16 CVE-2018-4417 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
17 CVE-2018-4414 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
18 CVE-2018-4412 119 Overflow Mem. Corr. 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
19 CVE-2018-4411 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
20 CVE-2018-4407 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.5
None Remote Low Single system Partial Partial Partial
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
21 CVE-2018-4406 20 DoS 2019-04-03 2019-04-05
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
22 CVE-2018-4403 200 +Info 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.
23 CVE-2018-4400 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None None Partial
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
24 CVE-2018-4399 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
25 CVE-2018-4398 20 2019-04-03 2019-04-05
5.0
None Remote Low Not required None Partial None
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
26 CVE-2018-4396 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
27 CVE-2018-4395 20 2019-04-03 2019-04-08
2.1
None Local Low Not required None None Partial
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
28 CVE-2018-4394 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.
29 CVE-2018-4389 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.
30 CVE-2018-4371 125 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
31 CVE-2018-4369 20 2019-04-03 2019-04-05
5.0
None Remote Low Not required Partial None None
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
32 CVE-2018-4368 20 DoS 2019-04-03 2019-04-05
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
33 CVE-2018-4355 200 +Info 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
34 CVE-2018-4354 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
35 CVE-2018-4351 665 2019-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
36 CVE-2018-4348 20 2019-04-03 2019-04-05
2.1
None Local Low Not required None None Partial
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.
37 CVE-2018-4347 416 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
38 CVE-2018-4346 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.
39 CVE-2018-4342 20 2019-04-03 2019-04-05
2.1
None Local Low Not required None Partial None
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
40 CVE-2018-4341 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
41 CVE-2018-4338 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
42 CVE-2018-4333 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
43 CVE-2018-4326 119 Overflow Mem. Corr. 2019-04-03 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
44 CVE-2018-4324 732 2019-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.
45 CVE-2018-4321 20 2019-04-03 2019-04-04
5.0
None Remote Low Not required Partial None None
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
46 CVE-2018-4308 125 2019-04-03 2019-04-04
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.
47 CVE-2018-4304 20 DoS 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
48 CVE-2018-4303 20 2019-04-03 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
49 CVE-2018-4293 20 2019-04-03 2019-04-05
5.0
None Remote Low Not required Partial None None
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
50 CVE-2018-4283 125 2019-04-03 2019-10-02
4.9
None Local Low Not required Complete None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
Total number of vulnerabilities : 1303   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.