National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:iphone_os:11.3
There are 208 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2019-6200

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.

Published: March 05, 2019; 11:29:00 AM -05:00
V3: 8.8 HIGH
V2: 5.8 MEDIUM
CVE-2019-6235

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

Published: March 04, 2019; 03:29:00 PM -05:00
V3: 10.0 CRITICAL
V2: 7.5 HIGH
CVE-2019-6206

An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.

Published: March 04, 2019; 03:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2019-8906

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

Published: February 18, 2019; 12:29:01 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4404

In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.

Published: January 11, 2019; 01:29:03 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4330

In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.

Published: January 11, 2019; 01:29:03 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4277

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-4262

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4194

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.

Published: January 11, 2019; 01:29:01 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Published: August 07, 2018; 05:29:00 PM -04:00
V3: 6.8 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4252

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 4.6 MEDIUM
V2: 2.1 LOW
CVE-2018-4250

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4249

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4247

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4246

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4244

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 4.6 MEDIUM
V2: 2.1 LOW
CVE-2018-4243

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4240

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM