CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-4404 119 Overflow Mem. Corr. 2019-01-11 2019-01-23
9.3
None Remote Medium Not required Complete Complete Complete
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
2 CVE-2018-4330 119 Overflow Mem. Corr. 2019-01-11 2019-01-23
9.3
None Remote Medium Not required Complete Complete Complete
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
3 CVE-2018-4298 275 2019-01-11 2019-01-17
10.0
None Remote Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.
4 CVE-2018-4281 119 Overflow 2019-01-11 2019-01-24
7.5
None Remote Low Not required Partial Partial Partial
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.
5 CVE-2018-4278 254 2019-01-11 2019-01-16
4.3
None Remote Medium Not required Partial None None
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
6 CVE-2018-4277 20 2019-01-11 2019-01-16
5.0
None Remote Low Not required None Partial None
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
7 CVE-2018-4262 119 Overflow Mem. Corr. 2019-01-11 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
8 CVE-2018-4258 119 Overflow 2019-01-11 2019-01-16
10.0
None Remote Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.
9 CVE-2018-4257 119 Overflow 2019-01-11 2019-01-16
10.0
None Remote Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.
10 CVE-2018-4256 125 2019-01-11 2019-01-16
2.1
None Local Low Not required Partial None None
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
11 CVE-2018-4255 125 2019-01-11 2019-01-16
2.1
None Local Low Not required Partial None None
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
12 CVE-2018-4254 20 2019-01-11 2019-01-16
10.0
None Remote Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.
13 CVE-2018-4217 254 2019-01-11 2019-01-16
5.0
None Remote Low Not required Partial None None
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
14 CVE-2018-4213 20 2019-01-11 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
15 CVE-2018-4212 2019-01-11 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
16 CVE-2018-4210 129 2019-01-11 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
17 CVE-2018-4189 119 Overflow Mem. Corr. 2019-01-11 2019-01-17
10.0
None Remote Low Not required Complete Complete Complete
In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.
18 CVE-2018-4183 285 2019-01-11 2019-01-16
7.2
None Local Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.
19 CVE-2018-4182 285 2019-01-11 2019-01-16
7.2
None Local Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.
20 CVE-2018-4181 285 2019-01-11 2019-01-16
4.9
None Local Low Not required Complete None None
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
21 CVE-2018-4180 285 2019-01-11 2019-01-22
4.6
None Local Low Not required Partial Partial Partial
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
22 CVE-2018-4169 125 2019-01-11 2019-01-17
10.0
None Remote Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation.
23 CVE-2018-4147 119 Overflow Mem. Corr. 2019-01-11 2019-01-17
6.8
None Remote Medium Not required Partial Partial Partial
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.
24 CVE-2017-13891 20 2019-01-11 2019-01-17
4.3
None Remote Medium Not required None Partial None
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management.
25 CVE-2017-13889 264 2019-01-11 2019-01-17
7.5
None Remote Low Not required Partial Partial Partial
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation.
26 CVE-2017-13888 704 2019-01-11 2019-01-17
5.0
None Remote Low Not required None Partial None
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
27 CVE-2017-13887 320 2019-01-11 2019-01-23
5.0
None Remote Low Not required None Partial None
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.
28 CVE-2017-13886 285 2019-01-11 2019-01-22
4.0
None Remote Low Single system None None Partial
In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions.
29 CVE-2017-2411 254 2019-01-11 2019-01-17
4.3
None Remote Medium Not required Partial None None
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
30 CVE-2016-7576 119 Overflow Mem. Corr. 2019-01-11 2019-01-17
9.3
None Remote Medium Not required Complete Complete Complete
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
31 CVE-2016-4644 200 +Info 2019-01-11 2019-01-17
4.0
None Remote Low Single system Partial None None
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
32 CVE-2016-4643 200 +Info 2019-01-11 2019-01-17
4.0
None Remote Low Single system Partial None None
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.
33 CVE-2016-4642 254 2019-01-11 2019-01-17
4.3
None Remote Medium Not required Partial None None
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
Total number of vulnerabilities : 33   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.