| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-20505 |
89 |
|
DoS Sql |
2019-04-03 |
2019-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). |
|
2 |
CVE-2018-4436 |
295 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. |
|
3 |
CVE-2018-4398 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
4 |
CVE-2018-4369 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
|
5 |
CVE-2018-4366 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1. |
|
6 |
CVE-2018-4356 |
275 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. |
|
7 |
CVE-2018-4329 |
19 |
|
|
2019-04-03 |
2019-04-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. |
|
8 |
CVE-2018-4321 |
20 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. |
|
9 |
CVE-2018-4319 |
254 |
|
|
2019-04-03 |
2019-04-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
|
10 |
CVE-2018-4311 |
200 |
|
+Info |
2019-04-03 |
2019-04-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
|
11 |
CVE-2018-4293 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
12 |
CVE-2018-4279 |
20 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2. |
|
13 |
CVE-2018-4277 |
20 |
|
|
2019-01-11 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. |
|
14 |
CVE-2018-4276 |
476 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6. |
|
15 |
CVE-2018-4274 |
20 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. |
|
16 |
CVE-2018-4248 |
125 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. |
|
17 |
CVE-2018-4227 |
319 |
|
|
2018-06-08 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. |
|
18 |
CVE-2018-4221 |
200 |
|
+Info |
2018-06-08 |
2018-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. |
|
19 |
CVE-2018-4217 |
254 |
|
|
2019-01-11 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. |
|
20 |
CVE-2018-4203 |
125 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
21 |
CVE-2018-4192 |
362 |
|
Exec Code |
2018-06-08 |
2018-10-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. |
|
22 |
CVE-2018-4184 |
254 |
|
Bypass |
2018-06-08 |
2018-07-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. |
|
23 |
CVE-2018-4142 |
20 |
|
DoS |
2018-04-03 |
2018-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string. |
|
24 |
CVE-2018-4137 |
200 |
|
+Info |
2018-04-03 |
2018-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. |
|
25 |
CVE-2018-4100 |
400 |
|
DoS |
2018-04-03 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. |
|
26 |
CVE-2017-18190 |
290 |
|
Exec Code |
2018-02-16 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). |
|
27 |
CVE-2017-13903 |
|
|
|
2017-12-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. |
|
28 |
CVE-2017-13888 |
704 |
|
|
2019-01-11 |
2019-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In iOS before 11.2, a type confusion issue was addressed with improved memory handling. |
|
29 |
CVE-2017-13887 |
320 |
|
|
2019-01-11 |
2019-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. |
|
30 |
CVE-2017-13878 |
125 |
|
DoS Bypass |
2017-12-25 |
2018-01-21 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash). |
|
31 |
CVE-2017-13874 |
|
|
Bypass |
2017-12-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. |
|
32 |
CVE-2017-13871 |
|
|
|
2017-12-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient. |
|
33 |
CVE-2017-13850 |
119 |
|
DoS Overflow Mem. Corr. +Info |
2018-04-03 |
2018-05-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. |
|
34 |
CVE-2017-13837 |
|
|
|
2018-04-03 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. |
|
35 |
CVE-2017-13831 |
200 |
|
DoS +Info |
2017-11-12 |
2017-11-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image. |
|
36 |
CVE-2017-13820 |
119 |
|
DoS Overflow Mem. Corr. +Info |
2017-11-12 |
2017-11-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font. |
|
37 |
CVE-2017-11122 |
200 |
|
+Info |
2017-10-03 |
2017-11-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. |
|
38 |
CVE-2017-7154 |
20 |
|
DoS Bypass |
2017-12-27 |
2018-02-24 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). |
|
39 |
CVE-2017-7153 |
601 |
|
|
2018-04-03 |
2018-05-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. |
|
40 |
CVE-2017-7151 |
362 |
|
|
2019-04-03 |
2019-04-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. |
|
41 |
CVE-2017-7147 |
319 |
|
+Info |
2017-10-22 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time. |
|
42 |
CVE-2017-7146 |
732 |
|
|
2017-10-22 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. |
|
43 |
CVE-2017-7145 |
275 |
|
|
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data. |
|
44 |
CVE-2017-7142 |
200 |
|
Bypass +Info |
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. |
|
45 |
CVE-2017-7141 |
200 |
|
Bypass +Info |
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message. |
|
46 |
CVE-2017-7140 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions. |
|
47 |
CVE-2017-7133 |
319 |
|
+Info |
2017-10-22 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. |
|
48 |
CVE-2017-7116 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic. |
|
49 |
CVE-2017-7090 |
200 |
|
Bypass +Info |
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. |
|
50 |
CVE-2017-7080 |
295 |
|
Bypass |
2017-10-22 |
2017-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate. |
