Filtered by vendor Apple
Subscribe
Total
11189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13844 | 1 Apple | 1 Iphone Os | 2019-04-29 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state. | |||||
| CVE-2015-5922 | 2 Apple, Icu-project | 3 Mac Os X, Watchos, International Components For Unicode | 2019-04-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | |||||
| CVE-2014-8146 | 2 Apple, Icu-project | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2019-04-23 | 7.5 HIGH | N/A |
| The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. | |||||
| CVE-2015-2783 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 5.8 MEDIUM | N/A |
| ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. | |||||
| CVE-2015-4022 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. | |||||
| CVE-2015-3307 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. | |||||
| CVE-2015-4026 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
| CVE-2015-4025 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
| CVE-2015-4021 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 5.0 MEDIUM | N/A |
| The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. | |||||
| CVE-2018-4187 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. | |||||
| CVE-2018-4460 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | |||||
| CVE-2018-4353 | 1 Apple | 1 Mac Os X | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4412 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4311 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-08 | 5.8 MEDIUM | 8.1 HIGH |
| The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4312 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4371 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | |||||
| CVE-2018-4395 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-08 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-4380 | 1 Apple | 1 Iphone Os | 2019-04-08 | 2.1 LOW | 5.5 MEDIUM |
| A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. | |||||
| CVE-2018-4326 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | |||||
| CVE-2018-4329 | 1 Apple | 2 Iphone Os, Safari | 2019-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | |||||