| Month | Quarter | Year |
|---|---|---|
| #76 | #N/A | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2019-6226 | CWE-119 | Buffer Errors | 8.8 |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
|
|||
| CVE-2018-4401 | CWE-119 | Buffer Errors | 7.8 |
|
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
|
|||
| CVE-2018-4383 | CWE-119 | Buffer Errors | 7.8 |
|
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
|
|||
| CVE-2018-4330 | CWE-119 | Buffer Errors | 7.8 |
|
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
|
|||
| CVE-2018-4327 | CWE-119 | Buffer Errors | 7.8 |
|
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.
|
|||
| CVE-2018-4281 | CWE-119 | Buffer Errors | 9.8 |
|
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.
|
|||
| CVE-2018-4220 | CWE-264 | Permissions, Privileges, and Access Control | 8.8 |
|
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.
|
|||
| CVE-2018-2894 | CWE-284 | Improper Access Control | 9.8 |
|
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
|
|||
| CVE-2017-7099 | CWE-119 | Buffer Errors | 8.8 |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
|
|||
| CVE-2017-7090 | CWE-200 | Information Leak / Disclosure | 7.5 |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
|
|||