Total
3596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4090 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2018-04-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-7000 | 4 Apple, Chromium, Debian and 1 more | 7 Iphone Os, Mac Os X, Chromium and 4 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-7001 | 1 Apple | 2 Iphone Os, Mac Os X | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-7002 | 1 Apple | 2 Iphone Os, Mac Os X | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-4088 | 3 Apple, Canonical, Microsoft | 9 Apple Tv, Icloud, Iphone Os and 6 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-4096 | 3 Apple, Canonical, Microsoft | 9 Apple Tv, Icloud, Iphone Os and 6 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-4089 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2014-8130 | 3 Apple, Libtiff, Redhat | 9 Iphone Os, Mac Os X, Libtiff and 6 more | 2018-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. | |||||
| CVE-2016-1835 | 3 Apple, Canonical, Debian | 4 Iphone Os, Mac Os X, Ubuntu Linux and 1 more | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2017-13879 | 1 Apple | 1 Iphone Os | 2017-12-29 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2011-3102 | 2 Apple, Google | 2 Iphone Os, Chrome | 2017-12-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2017-13847 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-12-28 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-2730 | 2 Apple, Huawei | 3 Iphone Os, Hilink, Tech Support | 2017-12-11 | 2.9 LOW | 3.5 LOW |
| HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. | |||||
| CVE-2012-0672 | 1 Apple | 1 Iphone Os | 2017-12-07 | 6.8 MEDIUM | N/A |
| WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-7113 | 1 Apple | 1 Iphone Os | 2017-11-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event. | |||||
| CVE-2017-13805 | 1 Apple | 1 Iphone Os | 2017-11-28 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state. | |||||
| CVE-2017-13127 | 3 Apple, Google, Vip | 3 Iphone Os, Android, Vip | 2017-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack. | |||||
| CVE-2017-7131 | 1 Apple | 1 Iphone Os | 2017-10-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app. | |||||
| CVE-2017-7148 | 1 Apple | 1 Iphone Os | 2017-10-26 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. | |||||
| CVE-2017-7144 | 1 Apple | 2 Iphone Os, Safari | 2017-10-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. | |||||