Month | Quarter | Year |
---|---|---|
#N/A | #N/A | #N/A |
CVE-ID | CWE-ID | Type | Score |
---|---|---|---|
CVE-2018-4322 | CWE-20 | Input Validation | 3.3 |
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.
|
|||
CVE-2018-4321 | CWE-20 | Input Validation | 5.3 |
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
|
|||
CVE-2018-4135 | CWE-119 | Buffer Errors | 7.8 |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||
CVE-2017-7119 | CWE-20 | Input Validation | 5.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
|
|||
CVE-2017-13877 | CWE-200 | Information Leak / Disclosure | 3.3 |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.
|
|||
CVE-2017-13873 | CWE-200 | Information Leak / Disclosure | 4.3 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
|
|||
CVE-2017-13852 | CWE-200 | Information Leak / Disclosure | 3.3 |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
|
|||
CVE-2017-13176 | CWE-20 | Input Validation | 8.8 |
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.
|