Total
30633 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4391 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | |||||
| CVE-2018-4390 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | |||||
| CVE-2018-4361 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4356 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. | |||||
| CVE-2018-4339 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier. | |||||
| CVE-2018-4298 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. | |||||
| CVE-2018-4296 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. | |||||
| CVE-2018-4290 | 1 Apple | 2 Iphone Os, Watchos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2. | |||||
| CVE-2018-4278 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | |||||
| CVE-2018-4237 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error. | |||||
| CVE-2018-4232 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. | |||||
| CVE-2018-4229 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists. | |||||
| CVE-2018-4216 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. | |||||
| CVE-2018-4212 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||||
| CVE-2018-4184 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. | |||||
| CVE-2018-4183 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. | |||||
| CVE-2018-4182 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. | |||||
| CVE-2018-4181 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
| CVE-2018-4180 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
| CVE-2018-4174 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. | |||||