| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-9506 |
310 |
|
|
2019-08-14 |
2019-08-28 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
|
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. |
|
2 |
CVE-2018-5383 |
347 |
|
|
2018-08-07 |
2019-10-02 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
|
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
|
3 |
CVE-2018-4460 |
20 |
|
DoS |
2019-04-03 |
2019-04-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
|
4 |
CVE-2018-4446 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1. |
|
5 |
CVE-2018-4445 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. |
|
6 |
CVE-2018-4440 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
|
7 |
CVE-2018-4439 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
|
8 |
CVE-2018-4431 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
|
9 |
CVE-2018-4429 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. |
|
10 |
CVE-2018-4409 |
400 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
11 |
CVE-2018-4400 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. |
|
12 |
CVE-2018-4399 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
13 |
CVE-2018-4385 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. |
|
14 |
CVE-2018-4377 |
79 |
|
XSS |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
15 |
CVE-2018-4374 |
79 |
|
XSS |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
16 |
CVE-2018-4368 |
20 |
|
DoS |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
|
17 |
CVE-2018-4365 |
125 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1. |
|
18 |
CVE-2018-4362 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12. |
|
19 |
CVE-2018-4355 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
|
20 |
CVE-2018-4345 |
79 |
|
XSS |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
|
21 |
CVE-2018-4335 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12. |
|
22 |
CVE-2018-4333 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
|
23 |
CVE-2018-4309 |
79 |
|
XSS |
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
|
24 |
CVE-2018-4307 |
20 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. |
|
25 |
CVE-2018-4304 |
20 |
|
DoS |
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
26 |
CVE-2018-4290 |
|
|
DoS |
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2. |
|
27 |
CVE-2018-4282 |
125 |
|
|
2019-04-03 |
2019-04-04 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2. |
|
28 |
CVE-2018-4278 |
254 |
|
|
2019-01-11 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. |
|
29 |
CVE-2018-4273 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
30 |
CVE-2018-4271 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
31 |
CVE-2018-4270 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
32 |
CVE-2018-4266 |
362 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
33 |
CVE-2018-4260 |
20 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. |
|
34 |
CVE-2018-4250 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. |
|
35 |
CVE-2018-4247 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. |
|
36 |
CVE-2018-4240 |
20 |
|
DoS |
2018-06-08 |
2018-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. |
|
37 |
CVE-2018-4232 |
|
|
|
2018-06-08 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. |
|
38 |
CVE-2018-4216 |
275 |
|
|
2019-04-03 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. |
|
39 |
CVE-2018-4202 |
20 |
|
|
2018-06-08 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt. |
|
40 |
CVE-2018-4198 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file. |
|
41 |
CVE-2018-4190 |
522 |
|
+Info |
2018-06-08 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. |
|
42 |
CVE-2018-4188 |
20 |
|
|
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. |
|
43 |
CVE-2018-4187 |
20 |
|
|
2018-06-08 |
2019-04-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. |
|
44 |
CVE-2018-4174 |
|
|
|
2018-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. |
|
45 |
CVE-2018-4173 |
269 |
|
|
2018-04-13 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. |
|
46 |
CVE-2018-4146 |
119 |
|
DoS Overflow Mem. Corr. |
2018-04-03 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. |
|
47 |
CVE-2018-4131 |
|
|
Bypass |
2018-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states. |
|
48 |
CVE-2018-4117 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
|
49 |
CVE-2018-4113 |
617 |
|
|
2018-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. |
|
50 |
CVE-2018-4104 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
