CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-9506 310 2019-08-14 2019-08-28
4.8
None Local Network Low Not required Partial Partial None
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
2 CVE-2018-5383 347 2018-08-07 2019-10-02
4.3
None Local Network Medium Not required Partial Partial None
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
3 CVE-2018-4460 20 DoS 2019-04-03 2019-04-09
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
4 CVE-2018-4446 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.
5 CVE-2018-4445 200 +Info 2019-04-03 2019-04-05
4.0
None Remote Low Single system None Partial None
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.
6 CVE-2018-4440 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
7 CVE-2018-4439 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
8 CVE-2018-4431 200 +Info 2019-04-03 2019-04-05
4.9
None Local Low Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
9 CVE-2018-4429 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.
10 CVE-2018-4409 400 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None None Partial
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
11 CVE-2018-4400 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None None Partial
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
12 CVE-2018-4399 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
13 CVE-2018-4385 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.
14 CVE-2018-4377 79 XSS 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
15 CVE-2018-4374 79 XSS 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
16 CVE-2018-4368 20 DoS 2019-04-03 2019-04-05
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
17 CVE-2018-4365 125 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1.
18 CVE-2018-4362 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.
19 CVE-2018-4355 200 +Info 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
20 CVE-2018-4345 79 XSS 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
21 CVE-2018-4335 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.
22 CVE-2018-4333 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
23 CVE-2018-4309 79 XSS 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None Partial None
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
24 CVE-2018-4307 20 2019-04-03 2019-04-04
4.3
None Remote Medium Not required Partial None None
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
25 CVE-2018-4304 20 DoS 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
26 CVE-2018-4290 DoS 2019-04-03 2019-10-02
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.
27 CVE-2018-4282 125 2019-04-03 2019-04-04
4.9
None Local Low Not required Complete None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.
28 CVE-2018-4278 254 2019-01-11 2019-01-16
4.3
None Remote Medium Not required Partial None None
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
29 CVE-2018-4273 119 Overflow Mem. Corr. 2019-04-03 2019-10-02
4.3
None Remote Medium Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
30 CVE-2018-4271 119 Overflow Mem. Corr. 2019-04-03 2019-10-02
4.3
None Remote Medium Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
31 CVE-2018-4270 119 Overflow Mem. Corr. 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
32 CVE-2018-4266 362 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
33 CVE-2018-4260 20 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None Partial None
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
34 CVE-2018-4250 20 DoS 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
35 CVE-2018-4247 20 DoS 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.
36 CVE-2018-4240 20 DoS 2018-06-08 2018-09-14
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
37 CVE-2018-4232 2018-06-08 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
38 CVE-2018-4216 275 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None Partial None
A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1.
39 CVE-2018-4202 20 2018-06-08 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
40 CVE-2018-4198 20 DoS 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.
41 CVE-2018-4190 522 +Info 2018-06-08 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.
42 CVE-2018-4188 20 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
43 CVE-2018-4187 20 2018-06-08 2019-04-12
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
44 CVE-2018-4174 2018-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
45 CVE-2018-4173 269 2018-04-13 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
46 CVE-2018-4146 119 DoS Overflow Mem. Corr. 2018-04-03 2018-11-09
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.
47 CVE-2018-4131 Bypass 2018-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.
48 CVE-2018-4117 200 Bypass +Info 2018-04-03 2018-11-09
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
49 CVE-2018-4113 617 2018-04-03 2019-10-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.
50 CVE-2018-4104 200 Bypass +Info 2018-04-03 2018-04-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Total number of vulnerabilities : 311   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.