CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 5 and 5.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-4277 20 2019-01-11 2019-01-16
5.0
 None Remote Low Not required None Partial None
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
2 CVE-2018-4227 310 2018-06-08 2018-07-29
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.
3 CVE-2018-4221 200 +Info 2018-06-08 2018-07-29
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
4 CVE-2018-4217 254 2019-01-11 2019-01-16
5.0
 None Remote Low Not required Partial None None
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
5 CVE-2018-4192 362 Exec Code 2018-06-08 2018-10-21
5.1
 None Remote High Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.
6 CVE-2018-4184 254 Bypass 2018-06-08 2018-07-13
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.
7 CVE-2018-4142 20 DoS 2018-04-03 2018-04-27
5.0
 None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string.
8 CVE-2018-4137 200 +Info 2018-04-03 2018-05-04
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
9 CVE-2018-4100 399 DoS 2018-04-03 2018-05-04
5.0
 None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
10 CVE-2017-18190 254 Exec Code 2018-02-16 2018-07-04
5.0
 None Remote Low Not required None Partial None
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
11 CVE-2017-13903 371 2017-12-25 2017-12-29
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
12 CVE-2017-13888 704 2019-01-11 2019-01-17
5.0
 None Remote Low Not required None Partial None
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
13 CVE-2017-13887 320 2019-01-11 2019-01-23
5.0
 None Remote Low Not required None Partial None
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.
14 CVE-2017-13878 125 DoS Bypass 2017-12-25 2018-01-21
5.6
 None Local Low Not required Partial None Complete
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
15 CVE-2017-13874 254 Bypass 2017-12-25 2017-12-28
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
16 CVE-2017-13871 371 2017-12-25 2017-12-28
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
17 CVE-2017-13850 119 DoS Overflow Mem. Corr. +Info 2018-04-03 2018-05-04
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font.
18 CVE-2017-13837 254 2018-04-03 2018-05-04
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.
19 CVE-2017-13831 200 DoS +Info 2017-11-12 2017-11-27
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.
20 CVE-2017-13820 119 DoS Overflow Mem. Corr. +Info 2017-11-12 2017-11-27
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
21 CVE-2017-11122 200 +Info 2017-10-03 2017-11-02
5.0
 None Remote Low Not required Partial None None
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
22 CVE-2017-7154 20 DoS Bypass 2017-12-27 2018-02-24
5.6
 None Local Low Not required Partial None Complete
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
23 CVE-2017-7153 601 2018-04-03 2018-05-03
5.8
 None Remote Medium Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.
24 CVE-2017-7147 200 +Info 2017-10-22 2017-10-27
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.
25 CVE-2017-7146 254 2017-10-22 2017-10-27
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
26 CVE-2017-7145 275 2017-10-22 2017-10-26
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
27 CVE-2017-7142 200 Bypass +Info 2017-10-22 2017-10-26
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.
28 CVE-2017-7141 200 Bypass +Info 2017-10-22 2017-10-26
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message.
29 CVE-2017-7140 200 +Info 2017-10-22 2017-10-26
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.
30 CVE-2017-7133 310 +Info 2017-10-22 2017-10-27
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted.
31 CVE-2017-7116 200 +Info 2017-10-22 2017-10-26
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.
32 CVE-2017-7090 200 Bypass +Info 2017-10-22 2017-10-26
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
33 CVE-2017-7080 295 Bypass 2017-10-22 2017-10-26
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
34 CVE-2017-7078 200 +Info 2017-10-22 2017-10-26
5.0
 None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.
35 CVE-2017-7065 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-05-04
5.8
 None Local Network Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.
36 CVE-2017-7063 399 DoS 2017-07-20 2017-07-24
5.0
 None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).
37 CVE-2017-7007 400 DoS 2017-07-20 2017-07-24
5.0
 None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).
38 CVE-2017-7004 362 Bypass 2018-04-03 2018-05-04
5.1
 None Remote High Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
39 CVE-2017-2498 295 Bypass 2017-05-22 2017-07-07
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
40 CVE-2017-2497 601 2017-05-22 2017-07-07
5.8
 None Remote Medium Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.
41 CVE-2017-2484 254 2017-04-01 2017-07-11
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.
42 CVE-2017-2461 399 DoS 2017-04-01 2017-07-11
5.0
 None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
43 CVE-2017-2450 125 DoS +Info 2017-04-01 2017-07-11
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
44 CVE-2017-2447 119 DoS Overflow Mem. Corr. +Info 2017-04-01 2017-08-15
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
45 CVE-2017-2439 125 DoS +Info 2017-04-01 2017-07-11
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
46 CVE-2017-2429 275 Bypass 2017-04-01 2017-07-11
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action.
47 CVE-2017-2419 284 Bypass 2017-04-01 2017-07-11
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
48 CVE-2017-2414 20 2017-04-01 2017-07-11
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.
49 CVE-2017-2409 125 DoS +Info 2017-04-01 2017-07-11
5.8
 None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.
50 CVE-2017-2404 254 2017-04-01 2017-07-11
5.0
 None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
Total number of vulnerabilities : 524   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.