| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-9506 |
310 |
|
|
2019-08-14 |
2019-08-28 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
|
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. |
|
2 |
CVE-2018-5383 |
347 |
|
|
2018-08-07 |
2019-10-02 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
|
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
|
3 |
CVE-2018-4470 |
254 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6. |
|
4 |
CVE-2018-4462 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2. |
|
5 |
CVE-2018-4460 |
20 |
|
DoS |
2019-04-03 |
2019-04-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
|
6 |
CVE-2018-4446 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1. |
|
7 |
CVE-2018-4445 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. |
|
8 |
CVE-2018-4440 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
|
9 |
CVE-2018-4439 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
|
10 |
CVE-2018-4431 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
|
11 |
CVE-2018-4429 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. |
|
12 |
CVE-2018-4418 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
|
13 |
CVE-2018-4417 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
|
14 |
CVE-2018-4409 |
400 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
15 |
CVE-2018-4406 |
20 |
|
DoS |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. |
|
16 |
CVE-2018-4403 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1. |
|
17 |
CVE-2018-4400 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. |
|
18 |
CVE-2018-4399 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
19 |
CVE-2018-4396 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
|
20 |
CVE-2018-4389 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1. |
|
21 |
CVE-2018-4385 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. |
|
22 |
CVE-2018-4377 |
79 |
|
XSS |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
23 |
CVE-2018-4374 |
79 |
|
XSS |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
24 |
CVE-2018-4368 |
20 |
|
DoS |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
|
25 |
CVE-2018-4365 |
125 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1. |
|
26 |
CVE-2018-4362 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12. |
|
27 |
CVE-2018-4355 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
|
28 |
CVE-2018-4351 |
665 |
|
|
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. |
|
29 |
CVE-2018-4346 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
|
30 |
CVE-2018-4345 |
79 |
|
XSS |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
|
31 |
CVE-2018-4338 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
|
32 |
CVE-2018-4335 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12. |
|
33 |
CVE-2018-4333 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
|
34 |
CVE-2018-4324 |
732 |
|
|
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14. |
|
35 |
CVE-2018-4309 |
79 |
|
XSS |
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
|
36 |
CVE-2018-4308 |
125 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14. |
|
37 |
CVE-2018-4307 |
20 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. |
|
38 |
CVE-2018-4304 |
20 |
|
DoS |
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
39 |
CVE-2018-4300 |
200 |
|
+Info |
2019-04-03 |
2019-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. |
|
40 |
CVE-2018-4290 |
|
|
DoS |
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2. |
|
41 |
CVE-2018-4283 |
125 |
|
|
2019-04-03 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6. |
|
42 |
CVE-2018-4282 |
125 |
|
|
2019-04-03 |
2019-04-04 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2. |
|
43 |
CVE-2018-4278 |
254 |
|
|
2019-01-11 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. |
|
44 |
CVE-2018-4273 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
45 |
CVE-2018-4271 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
46 |
CVE-2018-4270 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
47 |
CVE-2018-4266 |
362 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
48 |
CVE-2018-4260 |
20 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. |
|
49 |
CVE-2018-4250 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. |
|
50 |
CVE-2018-4247 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. |
