Total
3625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3752 | 2 Apple, Canonical | 3 Iphone Os, Safari, Ubuntu Linux | 2019-02-07 | 5.0 MEDIUM | N/A |
| The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. | |||||
| CVE-2015-3751 | 1 Apple | 2 Iphone Os, Safari | 2019-02-07 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | |||||
| CVE-2015-3755 | 1 Apple | 2 Iphone Os, Safari | 2019-02-07 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | |||||
| CVE-2015-3750 | 1 Apple | 2 Iphone Os, Safari | 2019-02-07 | 6.4 MEDIUM | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | |||||
| CVE-2015-3753 | 1 Apple | 2 Iphone Os, Safari | 2019-02-07 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. | |||||
| CVE-2015-3748 | 2 Apple, Canonical | 4 Iphone Os, Itunes, Safari and 1 more | 2019-02-07 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
| CVE-2015-3749 | 2 Apple, Canonical | 4 Iphone Os, Itunes, Safari and 1 more | 2019-02-07 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
| CVE-2018-0691 | 6 Apple, Google, Kddi and 3 more | 6 Iphone Os, Android, \+ Message and 3 more | 2019-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1093 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-01-31 | 6.8 MEDIUM | N/A |
| FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | |||||
| CVE-2018-4194 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-4330 | 1 Apple | 1 Iphone Os | 2019-01-23 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2016-4643 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. | |||||
| CVE-2016-4644 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. | |||||
| CVE-2016-4642 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. | |||||
| CVE-2017-13891 | 1 Apple | 1 Iphone Os | 2019-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. | |||||
| CVE-2016-7576 | 1 Apple | 1 Iphone Os | 2019-01-17 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. | |||||
| CVE-2017-13888 | 1 Apple | 1 Iphone Os | 2019-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| In iOS before 11.2, a type confusion issue was addressed with improved memory handling. | |||||
| CVE-2017-2411 | 1 Apple | 1 Iphone Os | 2019-01-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. | |||||
| CVE-2018-4147 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-01-17 | 6.8 MEDIUM | 9.8 CRITICAL |
| In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. | |||||
| CVE-2018-4189 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2019-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. | |||||