# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-8906 |
125 |
|
|
2019-02-18 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
2 |
CVE-2018-20506 |
190 |
|
Exec Code Overflow |
2019-04-03 |
2019-06-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. |
3 |
CVE-2018-20505 |
89 |
|
DoS Sql |
2019-04-03 |
2019-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). |
4 |
CVE-2018-18313 |
125 |
|
|
2018-12-07 |
2019-09-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. |
5 |
CVE-2018-18311 |
119 |
|
Overflow |
2018-12-07 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
6 |
CVE-2018-12015 |
22 |
|
Dir. Trav. Bypass |
2018-06-07 |
2019-08-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. |
7 |
CVE-2018-8897 |
362 |
|
|
2018-05-08 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. |
8 |
CVE-2018-4470 |
254 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6. |
9 |
CVE-2018-4465 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
10 |
CVE-2018-4463 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. |
11 |
CVE-2018-4462 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2. |
12 |
CVE-2018-4461 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
13 |
CVE-2018-4460 |
20 |
|
DoS |
2019-04-03 |
2019-04-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
14 |
CVE-2018-4456 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-05-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14. |
15 |
CVE-2018-4450 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. |
16 |
CVE-2018-4449 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. |
17 |
CVE-2018-4447 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
18 |
CVE-2018-4435 |
20 |
|
|
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
19 |
CVE-2018-4434 |
125 |
|
|
2019-04-03 |
2019-04-05 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2. |
20 |
CVE-2018-4431 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. |
21 |
CVE-2018-4427 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006. |
22 |
CVE-2018-4426 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
23 |
CVE-2018-4425 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
24 |
CVE-2018-4424 |
119 |
|
Overflow |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1. |
25 |
CVE-2018-4423 |
20 |
|
|
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1. |
26 |
CVE-2018-4422 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. |
27 |
CVE-2018-4421 |
119 |
|
Overflow |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. |
28 |
CVE-2018-4420 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
29 |
CVE-2018-4419 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
30 |
CVE-2018-4418 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
31 |
CVE-2018-4417 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
32 |
CVE-2018-4415 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. |
33 |
CVE-2018-4414 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
34 |
CVE-2018-4413 |
119 |
|
Overflow |
2019-04-03 |
2019-04-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
35 |
CVE-2018-4412 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. |
36 |
CVE-2018-4411 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. |
37 |
CVE-2018-4410 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1. |
38 |
CVE-2018-4408 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
39 |
CVE-2018-4407 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
40 |
CVE-2018-4406 |
20 |
|
DoS |
2019-04-03 |
2019-04-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. |
41 |
CVE-2018-4404 |
119 |
|
Overflow Mem. Corr. |
2019-01-11 |
2019-01-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. |
42 |
CVE-2018-4403 |
200 |
|
+Info |
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1. |
43 |
CVE-2018-4402 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. |
44 |
CVE-2018-4401 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
45 |
CVE-2018-4400 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. |
46 |
CVE-2018-4399 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
47 |
CVE-2018-4398 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. |
48 |
CVE-2018-4396 |
20 |
|
|
2019-04-03 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. |
49 |
CVE-2018-4395 |
20 |
|
|
2019-04-03 |
2019-04-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
50 |
CVE-2018-4394 |
119 |
|
Overflow Mem. Corr. |
2019-04-03 |
2019-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1. |