# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-8906 |
125 |
|
|
2019-02-18 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
2 |
CVE-2018-20506 |
190 |
|
Exec Code Overflow |
2019-04-03 |
2019-06-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. |
3 |
CVE-2018-20505 |
89 |
|
DoS Sql |
2019-04-03 |
2019-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). |
4 |
CVE-2018-5383 |
347 |
|
|
2018-08-07 |
2019-10-02 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
5 |
CVE-2018-4465 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
6 |
CVE-2018-4464 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
7 |
CVE-2018-4461 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
8 |
CVE-2018-4460 |
20 |
|
DoS |
2019-04-03 |
2019-04-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
9 |
CVE-2018-4447 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
10 |
CVE-2018-4446 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1. |
11 |
CVE-2018-4445 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. |
12 |
CVE-2018-4443 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
13 |
CVE-2018-4442 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
14 |
CVE-2018-4441 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
15 |
CVE-2018-4440 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
16 |
CVE-2018-4439 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
17 |
CVE-2018-4438 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
18 |
CVE-2018-4437 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
19 |
CVE-2018-4436 |
295 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. |
20 |
CVE-2018-4435 |
20 |
|
|
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
21 |
CVE-2018-4431 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
22 |
CVE-2018-4430 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1. |
23 |
CVE-2018-4429 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. |
24 |
CVE-2018-4427 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006. |
25 |
CVE-2018-4426 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
26 |
CVE-2018-4425 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
27 |
CVE-2018-4420 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
28 |
CVE-2018-4419 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
29 |
CVE-2018-4416 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
30 |
CVE-2018-4414 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
31 |
CVE-2018-4413 |
119 |
|
Overflow |
2019-04-03 |
2019-04-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
32 |
CVE-2018-4412 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
33 |
CVE-2018-4409 |
400 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
34 |
CVE-2018-4408 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
35 |
CVE-2018-4407 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
36 |
CVE-2018-4404 |
119 |
|
Overflow Mem. Corr. |
2019-01-11 |
2019-01-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. |
37 |
CVE-2018-4401 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
38 |
CVE-2018-4400 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. |
39 |
CVE-2018-4399 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
40 |
CVE-2018-4398 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. |
41 |
CVE-2018-4395 |
20 |
|
|
2019-04-03 |
2019-04-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
42 |
CVE-2018-4394 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1. |
43 |
CVE-2018-4392 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
44 |
CVE-2018-4388 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1. |
45 |
CVE-2018-4387 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. |
46 |
CVE-2018-4386 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |
47 |
CVE-2018-4385 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. |
48 |
CVE-2018-4384 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1. |
49 |
CVE-2018-4383 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
50 |
CVE-2018-4382 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. |