CVEdetails.com the ultimate security vulnerability data source

Apple : Security Vulnerabilities (CVSS score between 5 and 5.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-8725 200 +Info 2019-12-18 2021-07-21
5.0
None Remote Low Not required Partial None None
The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.
102 CVE-2019-8711 200 +Info 2019-12-18 2021-07-21
5.0
None Remote Low Not required Partial None None
A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.
103 CVE-2019-8699 2019-12-18 2020-08-24
5.0
None Remote Low Not required Partial None None
A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection.
104 CVE-2019-8667 2019-12-18 2020-08-24
5.0
None Remote Low Not required None Partial None
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.
105 CVE-2019-8665 20 DoS 2019-12-18 2019-12-19
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.
106 CVE-2019-8663 2019-12-18 2020-08-24
5.0
None Remote Low Not required Partial None None
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.
107 CVE-2019-8659 2019-12-18 2020-08-24
5.0
None Remote Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.
108 CVE-2019-8646 125 2019-12-18 2019-12-19
5.0
None Remote Low Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
109 CVE-2019-8640 20 2020-10-27 2020-11-02
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions.
110 CVE-2019-8633 20 2020-10-27 2020-10-28
5.0
None Remote Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.
111 CVE-2019-8631 2020-10-27 2020-10-28
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
112 CVE-2019-8624 125 2019-12-18 2019-12-20
5.0
None Remote Low Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory.
113 CVE-2019-8620 200 +Info 2019-12-18 2019-12-20
5.0
None Remote Low Not required Partial None None
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.
114 CVE-2019-8618 2020-10-27 2020-10-28
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.
115 CVE-2019-8580 2020-10-27 2020-10-30
5.0
None Remote Low Not required None Partial None
Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted.
116 CVE-2019-8575 2020-10-27 2020-10-30
5.0
None Remote Low Not required Partial None None
The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information.
117 CVE-2019-8567 200 +Info 2019-12-18 2019-12-20
5.0
None Remote Low Not required Partial None None
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.
118 CVE-2019-8564 2020-10-27 2020-10-30
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.
119 CVE-2019-8530 2019-12-18 2020-08-24
5.8
None Remote Medium Not required None Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.
120 CVE-2019-8521 2019-12-18 2020-08-24
5.8
None Remote Medium Not required None Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.
121 CVE-2019-8516 20 DoS 2019-12-18 2019-12-30
5.0
None Remote Low Not required None None Partial
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
122 CVE-2019-6223 2019-03-05 2020-08-24
5.0
None Remote Low Not required Partial None None
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
123 CVE-2019-6219 20 DoS 2019-03-05 2019-03-07
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.
124 CVE-2019-6206 200 +Info 2019-03-04 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.
125 CVE-2019-6200 125 Exec Code 2019-03-05 2019-03-06
5.8
None Local Network Low Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.
126 CVE-2018-20505 89 DoS Sql 2019-04-03 2019-06-19
5.0
None Remote Low Not required None None Partial
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
127 CVE-2018-16845 400 2018-11-07 2021-12-16
5.8
None Remote Medium Not required Partial None Partial
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
128 CVE-2018-16451 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
129 CVE-2018-16230 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
130 CVE-2018-16229 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
131 CVE-2018-16228 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
132 CVE-2018-16227 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
133 CVE-2018-14882 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
134 CVE-2018-14881 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
135 CVE-2018-14880 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
136 CVE-2018-14879 120 Overflow 2019-10-03 2020-01-20
5.1
None Remote High Not required Partial Partial Partial
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
137 CVE-2018-14470 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
138 CVE-2018-14469 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
139 CVE-2018-14468 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
140 CVE-2018-14467 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
141 CVE-2018-14466 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
142 CVE-2018-14465 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
143 CVE-2018-14464 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
144 CVE-2018-14463 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
145 CVE-2018-14462 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
146 CVE-2018-14461 125 2019-10-03 2020-01-20
5.0
None Remote Low Not required None None Partial
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
147 CVE-2018-4474 400 2020-10-27 2020-10-29
5.0
None Remote Low Not required None None Partial
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.
148 CVE-2018-4436 295 2019-04-03 2019-04-05
5.0
None Remote Low Not required None Partial None
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.
149 CVE-2018-4398 20 2019-04-03 2019-04-05
5.0
None Remote Low Not required None Partial None
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
150 CVE-2018-4369 20 2019-04-03 2019-04-05
5.0
None Remote Low Not required Partial None None
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
Total number of vulnerabilities: 662 (page 3 of 14)