Total
5557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1355 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 4.9 MEDIUM | N/A |
| The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. | |||||
| CVE-2014-1361 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 5.0 MEDIUM | N/A |
| Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. | |||||
| CVE-2014-1356 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages. | |||||
| CVE-2014-1358 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2014-1357 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages. | |||||
| CVE-2014-1295 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 6.8 MEDIUM | N/A |
| Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | |||||
| CVE-2014-1296 | 1 Apple | 4 Iphone Os, Mac Os X, Mac Os X Server and 1 more | 2019-03-08 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | |||||
| CVE-2014-1320 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 4.9 MEDIUM | N/A |
| IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object. | |||||
| CVE-2018-4221 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. | |||||
| CVE-2018-4225 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications. | |||||
| CVE-2019-6220 | 1 Apple | 1 Mac Os X | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory. | |||||
| CVE-2019-6231 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory. | |||||
| CVE-2018-5001 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-5000 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4945 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2019-03-07 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2019-6219 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2018-4242 | 1 Apple | 1 Mac Os X | 2019-03-07 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2018-4240 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. | |||||
| CVE-2018-4139 | 1 Apple | 1 Mac Os X | 2019-03-07 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2018-4226 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information. | |||||