Filtered by vendor Apple
Subscriptions
Filtered by product Iphone Os
Subscriptions
Total
3731 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20044 | 6 Apple, Debian, Fedoraproject and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-08-05 | 7.8 High |
| In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | ||||
| CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2024-08-05 | 7.5 High |
| cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | ||||
| CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2024-08-05 | 5.3 Medium |
| The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | ||||
| CVE-2019-15165 | 8 Apple, Canonical, Debian and 5 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-08-05 | 5.3 Medium |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | ||||
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2024-08-05 | 3.1 Low |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | ||||
| CVE-2019-14899 | 4 Apple, Freebsd, Linux and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2024-08-05 | 7.4 High |
| A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | ||||
| CVE-2019-14319 | 3 Apple, Google, Tiktok | 3 Iphone Os, Android, Tiktok | 2024-08-05 | N/A |
| The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic. | ||||
| CVE-2019-13749 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Iphone Os, Debian Linux, Fedora and 6 more | 2024-08-05 | 6.5 Medium |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2019-13742 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Iphone Os, Debian Linux, Fedora and 6 more | 2024-08-05 | 6.5 Medium |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||||
| CVE-2019-13672 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-04 | 6.5 Medium |
| Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | ||||
| CVE-2019-13667 | 3 Apple, Google, Redhat | 3 Iphone Os, Chrome, Rhel Extras | 2024-08-04 | 4.3 Medium |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2019-13118 | 7 Apple, Canonical, Fedoraproject and 4 more | 25 Icloud, Iphone Os, Itunes and 22 more | 2024-08-04 | 5.3 Medium |
| In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | ||||
| CVE-2019-8901 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-04 | 6.5 Medium |
| This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action. | ||||
| CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2024-08-04 | 4.3 Medium |
| An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | ||||
| CVE-2019-8795 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2019-8792 | 2 Apple, Google | 3 Iphone Os, Shazam, Android | 2024-08-04 | 8.8 High |
| An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | ||||
| CVE-2019-8856 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-08-04 | 3.3 Low |
| An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans. | ||||
| CVE-2019-8833 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2019-8846 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-08-04 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8857 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-04 | 3.3 Low |
| The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel. | ||||