| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-9518 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. |
|
2 |
CVE-2019-9517 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. |
|
3 |
CVE-2019-9516 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. |
|
4 |
CVE-2019-9515 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
|
5 |
CVE-2019-9514 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. |
|
6 |
CVE-2019-9513 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. |
|
7 |
CVE-2019-9512 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
|
8 |
CVE-2019-9511 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
|
9 |
CVE-2018-18311 |
119 |
|
Overflow |
2018-12-07 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
|
10 |
CVE-2018-8897 |
362 |
|
|
2018-05-08 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. |
|
11 |
CVE-2018-4413 |
119 |
|
Overflow |
2019-04-03 |
2019-04-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
|
12 |
CVE-2018-4367 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1. |
|
13 |
CVE-2018-4363 |
20 |
|
|
2019-04-03 |
2019-04-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. |
|
14 |
CVE-2018-4353 |
20 |
|
|
2019-04-03 |
2019-04-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. |
|
15 |
CVE-2018-4310 |
269 |
|
|
2019-04-03 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
|
16 |
CVE-2018-4295 |
20 |
|
|
2019-04-03 |
2019-04-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. |
|
17 |
CVE-2018-4289 |
200 |
|
+Info |
2019-04-03 |
2019-04-04 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6. |
|
18 |
CVE-2018-4281 |
119 |
|
Overflow |
2019-01-11 |
2019-01-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. |
|
19 |
CVE-2018-4253 |
125 |
|
DoS Bypass |
2018-06-08 |
2018-07-13 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app. |
|
20 |
CVE-2018-4251 |
732 |
|
|
2018-06-08 |
2019-10-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
Complete |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access. |
|
21 |
CVE-2018-4230 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition. |
|
22 |
CVE-2018-4228 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition. |
|
23 |
CVE-2018-4183 |
|
|
|
2019-01-11 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. |
|
24 |
CVE-2018-4182 |
|
|
|
2019-01-11 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. |
|
25 |
CVE-2018-4171 |
200 |
|
+Info |
2018-06-08 |
2018-07-13 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties. |
|
26 |
CVE-2018-4167 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
27 |
CVE-2018-4166 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
28 |
CVE-2018-4158 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
29 |
CVE-2018-4157 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
30 |
CVE-2018-4156 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
31 |
CVE-2018-4155 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
32 |
CVE-2018-4154 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
33 |
CVE-2018-4152 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
34 |
CVE-2018-4151 |
362 |
|
Exec Code |
2018-04-03 |
2019-10-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
35 |
CVE-2018-4148 |
119 |
|
Exec Code Overflow |
2018-04-03 |
2018-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code. |
|
36 |
CVE-2018-4140 |
476 |
|
DoS |
2018-04-03 |
2018-05-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message. |
|
37 |
CVE-2018-4115 |
281 |
|
Bypass |
2018-04-03 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence. |
|
38 |
CVE-2018-4110 |
|
|
Bypass |
2018-04-03 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence. |
|
39 |
CVE-2018-4108 |
20 |
|
|
2018-04-03 |
2018-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. |
|
40 |
CVE-2018-4105 |
20 |
|
|
2018-04-03 |
2018-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. |
|
41 |
CVE-2018-4091 |
|
|
Bypass |
2018-04-03 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism. |
|
42 |
CVE-2017-17821 |
119 |
|
DoS Overflow |
2017-12-20 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. |
|
43 |
CVE-2017-14315 |
119 |
|
Overflow +Priv Bypass |
2017-09-12 |
2019-05-14 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings. |
|
44 |
CVE-2017-13889 |
287 |
|
|
2019-01-11 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. |
|
45 |
CVE-2017-13832 |
|
|
|
2017-11-12 |
2017-11-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support. |
|
46 |
CVE-2017-7130 |
119 |
|
DoS Overflow |
2017-10-22 |
2017-10-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
47 |
CVE-2017-7129 |
119 |
|
DoS Overflow |
2017-10-22 |
2017-10-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
48 |
CVE-2017-7128 |
119 |
|
DoS Overflow |
2017-10-22 |
2017-10-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
49 |
CVE-2017-7126 |
20 |
|
DoS |
2017-10-22 |
2017-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
50 |
CVE-2017-7125 |
20 |
|
DoS |
2017-10-22 |
2017-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
