High
CVE-2016-7576
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
Tag: Apple iOS
All CVEs associated with "Apple iOS". Page 29/48 • 5688 CVEs.
Subscribe CVEs: RSS for “Apple iOS” · RSS (High+Critical only)
About “Apple iOS”
A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2019-01-11
Medium
CVE-2016-4644
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue…
Medium
CVE-2016-4643
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through…
Medium
CVE-2016-4642
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This is…
2019-01-10
Medium
CVE-2018-0484
A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despit…
Medium
CVE-2018-0282
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state cond…
2019-01-09
Medium
CVE-2018-6113
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Medium
CVE-2018-20069
Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page…
2018-12-31
High
CVE-2018-6344
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android…
Medium
CVE-2018-19937
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
2018-11-29
Medium
CVE-2018-19527
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.
2018-11-15
Medium
CVE-2018-0691
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.28…
2018-11-14
Medium
CVE-2018-17475
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Critical
CVE-2018-17472
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
Medium
CVE-2018-17464
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
2018-11-08
Medium
CVE-2018-19111
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
2018-10-17
High
CVE-2018-0441
A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on…
2018-10-09
High
CVE-2018-18071
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be use…
2018-10-05
Medium
CVE-2018-15428
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condit…
High
CVE-2018-15377
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote…
Medium
CVE-2018-15376
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values…
Medium
CVE-2018-15375
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values…
Medium
CVE-2018-15374
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulner…
High
CVE-2018-15373
A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on…
High
CVE-2018-15372
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, ad…
Medium
CVE-2018-15371
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of…
Medium
CVE-2018-15370
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and loa…
Medium
CVE-2018-15369
A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a d…
Medium
CVE-2018-15368
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary comman…
Medium
CVE-2018-0481
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. T…
Medium
CVE-2018-0480
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condit…
Medium
CVE-2018-0477
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. T…
Medium
CVE-2018-0476
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to…
High
CVE-2018-0475
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) con…
High
CVE-2018-0473
A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time…
High
CVE-2018-0472
A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker…
High
CVE-2018-0471
A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead…
High
CVE-2018-0470
A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of serv…
Medium
CVE-2018-0469
A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-…
High
CVE-2018-0467
A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handl…
Medium
CVE-2018-0466
A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to rel…
Medium
CVE-2018-0197
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on…
2018-10-02
Medium
CVE-2018-11752
Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 r…
Medium
CVE-2018-11750
Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default.
2018-09-11
Medium
CVE-2018-6976
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite…
Medium
CVE-2018-6975
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
2018-08-29
High
CVE-2018-16132
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allow…
2018-08-16
High
CVE-2018-13435
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcod…
Medium
CVE-2018-13434
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boo…
2018-08-15
High
CVE-2017-13104
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to…
High
CVE-2017-13102
Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
High
CVE-2017-13101
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access…
High
CVE-2017-13100
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
2018-08-14
Medium
CVE-2018-0131
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Inte…
2018-08-07
Medium
CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently…
2018-07-24
Medium
CVE-2017-3182
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) atta…
2018-07-13
High
CVE-2016-6562
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position…
2018-07-12
Medium
CVE-2017-14710
The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers…
High
CVE-2017-14709
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the…
Medium
CVE-2017-14612
"Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac…
2018-07-10
Critical
CVE-2018-13850
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username…
2018-07-06
High
CVE-2016-6541
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Andro…
Medium
CVE-2016-6540
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered a…
Low
CVE-2016-6539
The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetoot…
High
CVE-2016-6538
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been r…
2018-06-26
High
CVE-2018-0611
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cr…
2018-06-13
Medium
CVE-2018-12271
An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean…
2018-06-08
Medium
CVE-2018-4252
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection…
Medium
CVE-2018-4250
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted mess…
High
CVE-2018-4249
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pk…
Medium
CVE-2018-4247
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a deni…
High
CVE-2018-4246
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4244
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact…
High
CVE-2018-4243
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
High
CVE-2018-4241
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
Medium
CVE-2018-4240
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
Medium
CVE-2018-4239
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protec…
Low
CVE-2018-4238
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection…
High
CVE-2018-4237
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
Medium
CVE-2018-4235
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
High
CVE-2018-4233
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4232
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4227
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the clear…
Medium
CVE-2018-4226
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4225
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4224
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4223
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
High
CVE-2018-4222
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4221
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by le…
High
CVE-2018-4218
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4215
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to gain privileges or cause a denial of service (buff…
High
CVE-2018-4214
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4211
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
High
CVE-2018-4206
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affe…
High
CVE-2018-4204
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before…
Medium
CVE-2018-4202
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to s…
High
CVE-2018-4201
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4200
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4199
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4198
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves th…
High
CVE-2018-4192
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
High
CVE-2018-4190
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4188
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected…
Medium
CVE-2018-4187
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It al…
2018-06-07
Medium
CVE-2018-0334
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could…
Critical
CVE-2018-0315
A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an a…
2018-05-30
Medium
CVE-2018-11477
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this…
2018-05-14
Medium
CVE-2018-0591
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…
2018-05-08
Medium
CVE-2018-10812
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.bi…
2018-05-03
High
CVE-2018-4849
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate valid…
2018-05-02
Medium
CVE-2018-0286
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is…
Medium
CVE-2018-0247
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attac…
2018-04-23
Medium
CVE-2018-4847
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens Win…
2018-04-19
Medium
CVE-2018-0257
A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resul…
High
CVE-2018-0255
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against…
High
CVE-2018-0241
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device…
2018-04-16
Medium
CVE-2018-0560
Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display.
2018-04-13
Medium
CVE-2018-4173
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access…
2018-04-10
Medium
CVE-2018-9840
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking o…
2018-04-03
Medium
CVE-2018-4174
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to rea…