National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:iphone_os:6.1.2
There are 1,288 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-4298

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.

Published: January 11, 2019; 01:29:03 PM -05:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4277

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-4262

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4213

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4212

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.

Published: January 11, 2019; 01:29:02 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4189

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

Published: January 11, 2019; 01:29:01 PM -05:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2018-4147

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 6.8 MEDIUM
CVE-2017-2411

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-13891

In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-13888

In iOS before 11.2, a type confusion issue was addressed with improved memory handling.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-7576

In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-4643

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-4642

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.

Published: January 11, 2019; 01:29:00 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Published: August 07, 2018; 05:29:00 PM -04:00
V3: 6.8 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4252

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 4.6 MEDIUM
V2: 2.1 LOW
CVE-2018-4250

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4249

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH