Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216078 entries
IDDescriptionPriorityModified date
CVE-2018-4190 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. MEDIUM Jun 19, 2018
CVE-2018-4199 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. MEDIUM Jun 19, 2018
CVE-2018-4198 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the UIKit component. It allows remote attackers to cause a denial of service via a crafted text file. MEDIUM Jun 9, 2018
CVE-2018-4223 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier. LOW Jun 9, 2018
CVE-2018-4240 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Messages component. It allows remote attackers to cause a denial of service via a crafted message. MEDIUM Jun 9, 2018
CVE-2018-4235 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Messages component. It allows local users to perform impersonation attacks via an unspecified injection. LOW Jun 9, 2018
CVE-2018-4237 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the libxpc component. It allows attackers to gain privileges via a crafted app that leverages a logic error. MEDIUM Jun 9, 2018
CVE-2018-4241 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Kernel component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app. HIGH Jun 9, 2018
CVE-2018-4243 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Kernel component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app. HIGH Jun 9, 2018
CVE-2018-4211 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. MEDIUM Jun 9, 2018
CVE-2018-4249 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app. HIGH Jun 9, 2018
CVE-2018-4221 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the Security component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. MEDIUM Jun 9, 2018
CVE-2018-4227 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the Mail component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. MEDIUM Jun 9, 2018
CVE-2018-4202 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the iBooks component. It allows man-in-the-middle attackers to spoof a password prompt. MEDIUM Jun 9, 2018
CVE-2018-4226 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on the reading of sensitive user information. LOW Jun 9, 2018
CVE-2018-4225 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on Keychain state modifications. LOW Jun 9, 2018
CVE-2018-4224 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier. LOW Jun 9, 2018
CVE-2018-4204 An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Jun 9, 2018
CVE-2018-4200 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. MEDIUM Jun 9, 2018
CVE-2018-4206 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Crash Reporter component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name. MEDIUM Jun 9, 2018
CVE-2018-4187 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the LinkPresentation component. It allows remote attackers to spoof the UI via a crafted URL in a text message. MEDIUM Jun 9, 2018
CVE-2018-4110 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the Web App component. It allows remote attackers to bypass intended restrictions on cookie persistence. HIGH Apr 3, 2018
CVE-2018-4140 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the Telephony component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message. HIGH Apr 3, 2018
CVE-2018-4148 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the Telephony component. A buffer overflow allows remote attackers to execute arbitrary code. HIGH Apr 3, 2018
CVE-2018-4149 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the SafariViewController component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page. MEDIUM Apr 3, 2018
CVE-2018-4134 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the Safari component. It allows remote attackers to spoof the user interface via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4172 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the Find My iPhone component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the Find My iPhone feature via vectors involving a backup restore. LOW Apr 3, 2018
CVE-2018-4168 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the Files Widget component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device. LOW Apr 3, 2018
CVE-2018-4123 An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the Clock component. It allows physically proximate attackers to discover the iTunes e-mail address. LOW Apr 3, 2018
CVE-2018-4137 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the Safari Login AutoFill component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. MEDIUM Apr 3, 2018
CVE-2018-4117 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4114 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4121 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4122 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4125 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4129 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4161 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4162 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4163 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4146 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the WebKit component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4113 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the WebKit component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. MEDIUM Apr 3, 2018
CVE-2018-4101 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4118 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4119 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4120 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4127 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4128 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4130 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4165 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 3, 2018
CVE-2018-4158 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the CoreFoundation component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. HIGH Apr 4, 2018
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online