Update Safari to version 3.525.21.0
What patches are you missing?
CVE Vulnerabilities for Safari
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
| CVE‑2024‑44309 | 2024‑11‑20 00:15:17 | MEDIUM (6) | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | 3 | 3 | NETWORK |
| CVE‑2024‑44308 | 2024‑11‑20 00:15:17 | HIGH (9) | The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | 3 | 6 | NETWORK |
| CVE‑2022‑26717 | 2022‑11‑01 20:15:17 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2022‑22629 | 2022‑09‑23 20:15:09 | HIGH (9) | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2021‑30849 | 2021‑10‑19 14:15:10 | HIGH (8) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2 | 6 | LOCAL |
| CVE‑2021‑23841 | 2021‑02‑16 17:15:13 | MEDIUM (6) | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | 2 | 4 | NETWORK |
| CVE‑2021‑1825 | 2021‑09‑08 15:15:10 | MEDIUM (6) | An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | 3 | 3 | NETWORK |
| CVE‑2020‑9947 | 2020‑12‑08 20:15:17 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9936 | 2020‑10‑16 17:15:18 | HIGH (8) | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2 | 6 | LOCAL |
| CVE‑2020‑9925 | 2020‑10‑16 17:15:17 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2020‑9916 | 2020‑10‑16 17:15:17 | MEDIUM (5) | A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. | 4 | 1 | NETWORK |
| CVE‑2020‑9915 | 2020‑10‑16 17:15:17 | MEDIUM (7) | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | 3 | 4 | NETWORK |
| CVE‑2020‑9910 | 2020‑10‑16 17:15:17 | HIGH (9) | Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | 3 | 6 | NETWORK |
| CVE‑2020‑9895 | 2020‑10‑16 17:15:16 | CRITICAL (10) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 4 | 6 | NETWORK |
| CVE‑2020‑9894 | 2020‑10‑16 17:15:16 | MEDIUM (4) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 3 | 1 | NETWORK |
| CVE‑2020‑9893 | 2020‑10‑16 17:15:16 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9862 | 2020‑10‑16 17:15:15 | HIGH (8) | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | 2 | 6 | LOCAL |
| CVE‑2020‑9850 | 2020‑06‑09 17:15:15 | CRITICAL (10) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. | 4 | 6 | NETWORK |
| CVE‑2020‑9843 | 2020‑06‑09 17:15:15 | HIGH (7) | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. | 3 | 4 | NETWORK |
| CVE‑2020‑9807 | 2020‑06‑09 17:15:13 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9806 | 2020‑06‑09 17:15:12 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9805 | 2020‑06‑09 17:15:12 | HIGH (7) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 4 | NETWORK |
| CVE‑2020‑9803 | 2020‑06‑09 17:15:12 | HIGH (9) | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9802 | 2020‑06‑09 17:15:12 | HIGH (9) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9800 | 2020‑06‑09 17:15:12 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9783 | 2020‑04‑01 18:15:18 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑6514 | 2020‑07‑22 17:15:13 | MEDIUM (7) | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | 3 | 4 | NETWORK |
| CVE‑2020‑3902 | 2020‑04‑01 18:15:17 | MEDIUM (6) | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. | 3 | 3 | NETWORK |
| CVE‑2020‑3901 | 2020‑04‑01 18:15:17 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3900 | 2020‑04‑01 18:15:17 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3899 | 2020‑04‑01 18:15:16 | HIGH (9) | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3897 | 2020‑04‑01 18:15:16 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3895 | 2020‑04‑01 18:15:16 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3894 | 2020‑04‑01 18:15:16 | LOW (3) | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. | 2 | 1 | NETWORK |
| CVE‑2020‑3887 | 2020‑04‑01 18:15:16 | MEDIUM (4) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. | 3 | 1 | NETWORK |
| CVE‑2020‑3885 | 2020‑04‑01 18:15:16 | MEDIUM (4) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. | 3 | 1 | NETWORK |
| CVE‑2020‑3868 | 2020‑02‑27 21:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3867 | 2020‑02‑27 21:15:18 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2020‑3865 | 2020‑02‑27 21:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3864 | 2020‑10‑27 21:15:15 | HIGH (8) | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. | 2 | 6 | LOCAL |
| CVE‑2020‑3862 | 2020‑02‑27 21:15:18 | MEDIUM (7) | A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. | 3 | 4 | NETWORK |
| CVE‑2020‑3825 | 2020‑02‑27 21:15:16 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑27918 | 2020‑12‑08 22:15:19 | HIGH (8) | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2 | 6 | LOCAL |
| CVE‑2020‑15969 | 2020‑11‑03 03:15:13 | HIGH (9) | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 3 | 6 | NETWORK |
| CVE‑2020‑15138 | 2020‑08‑07 17:15:10 | HIGH (8) | Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. | 2 | 5 | NETWORK |
| CVE‑2019‑8898 | 2020‑10‑27 21:15:14 | MEDIUM (4) | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | 3 | 1 | NETWORK |
| CVE‑2019‑8848 | 2020‑10‑27 21:15:13 | HIGH (8) | This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. | 2 | 6 | LOCAL |
| CVE‑2019‑8846 | 2020‑10‑27 21:15:13 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8844 | 2020‑10‑27 20:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8835 | 2020‑10‑27 20:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8827 | 2020‑10‑27 20:15:20 | MEDIUM (4) | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. | 3 | 1 | NETWORK |
| CVE‑2019‑8823 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8822 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8821 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8820 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8819 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8816 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8815 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8814 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8813 | 2019‑12‑18 18:15:44 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8812 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8811 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8808 | 2019‑12‑18 18:15:43 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8783 | 2019‑12‑18 18:15:41 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8782 | 2019‑12‑18 18:15:41 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8773 | 2020‑10‑27 20:15:19 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8763 | 2019‑12‑18 18:15:39 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8762 | 2020‑10‑27 20:15:19 | MEDIUM (6) | A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8752 | 2020‑10‑27 20:15:19 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8751 | 2020‑10‑27 20:15:19 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8749 | 2020‑10‑27 20:15:18 | CRITICAL (10) | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | 4 | 6 | NETWORK |
| CVE‑2019‑8734 | 2020‑10‑27 20:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8728 | 2020‑10‑27 20:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8690 | 2019‑12‑18 18:15:35 | MEDIUM (6) | A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8689 | 2019‑12‑18 18:15:35 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8688 | 2019‑12‑18 18:15:35 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8687 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8686 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8685 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8684 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8683 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8681 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8680 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8679 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8678 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8677 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8676 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8673 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8672 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8671 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8669 | 2019‑12‑18 18:15:32 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8666 | 2019‑12‑18 18:15:32 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8658 | 2019‑12‑18 18:15:32 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8649 | 2019‑12‑18 18:15:31 | MEDIUM (6) | A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8644 | 2019‑12‑18 18:15:31 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8639 | 2020‑10‑27 20:15:17 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8638 | 2020‑10‑27 20:15:16 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8628 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8623 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8622 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8619 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8615 | 2019‑12‑18 18:15:29 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 4 | NETWORK |
| CVE‑2019‑8611 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8610 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8609 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8608 | 2019‑12‑18 18:15:29 | MEDIUM (6) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 3 | NETWORK |
| CVE‑2019‑8607 | 2019‑12‑18 18:15:29 | MEDIUM (7) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. | 3 | 4 | NETWORK |
| CVE‑2019‑8602 | 2019‑12‑18 18:15:29 | HIGH (8) | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges. | 2 | 6 | LOCAL |
| CVE‑2019‑8601 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8597 | 2019‑12‑18 18:15:28 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 4 | NETWORK |
| CVE‑2019‑8596 | 2019‑12‑18 18:15:28 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8595 | 2019‑12‑18 18:15:28 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8594 | 2019‑12‑18 18:15:28 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8587 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8586 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8584 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8583 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8577 | 2019‑12‑18 18:15:27 | HIGH (8) | An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. | 2 | 6 | LOCAL |
| CVE‑2019‑8571 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8570 | 2020‑10‑27 20:15:15 | MEDIUM (7) | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information. | 3 | 4 | NETWORK |
| CVE‑2019‑8563 | 2019‑12‑18 18:15:26 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8562 | 2019‑12‑18 18:15:26 | CRITICAL (10) | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. | 3 | 6 | NETWORK |
| CVE‑2019‑8559 | 2019‑12‑18 18:15:26 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8558 | 2019‑12‑18 18:15:26 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8556 | 2019‑12‑18 18:15:26 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8551 | 2019‑12‑18 18:15:26 | MEDIUM (6) | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8544 | 2019‑12‑18 18:15:25 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8536 | 2019‑12‑18 18:15:25 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8535 | 2019‑12‑18 18:15:25 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8524 | 2019‑12‑18 18:15:24 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8523 | 2019‑12‑18 18:15:24 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8518 | 2019‑12‑18 18:15:24 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8515 | 2019‑12‑18 18:15:23 | MEDIUM (7) | A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | 3 | 4 | NETWORK |
| CVE‑2019‑8506 | 2019‑12‑18 18:15:23 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8503 | 2019‑12‑18 18:15:23 | HIGH (9) | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | 3 | 6 | NETWORK |
| CVE‑2019‑7292 | 2019‑12‑18 18:15:22 | MEDIUM (7) | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | 3 | 4 | NETWORK |
| CVE‑2019‑7285 | 2019‑12‑18 18:15:22 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑6237 | 2019‑12‑18 18:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑6234 | 2019‑03‑05 16:29:03 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6233 | 2019‑03‑05 16:29:03 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6229 | 2019‑03‑05 16:29:03 | MEDIUM (4) | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | 0 | 0 | NETWORK |
| CVE‑2019‑6227 | 2019‑03‑05 16:29:02 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6226 | 2019‑03‑05 16:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6217 | 2019‑03‑05 16:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6216 | 2019‑03‑05 16:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6215 | 2019‑03‑05 16:29:01 | MEDIUM (7) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6212 | 2019‑03‑05 16:29:01 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6201 | 2019‑12‑18 18:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2018‑4474 | 2020‑10‑27 20:15:14 | HIGH (8) | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. | 4 | 4 | NETWORK |
| CVE‑2018‑4464 | 2019‑04‑03 18:29:17 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4444 | 2020‑10‑27 20:15:14 | MEDIUM (7) | A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information. | 3 | 4 | NETWORK |
| CVE‑2018‑4443 | 2019‑04‑03 18:29:17 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4442 | 2019‑04‑03 18:29:16 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4441 | 2019‑04‑03 18:29:16 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4440 | 2019‑04‑03 18:29:16 | MEDIUM (4) | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4439 | 2019‑04‑03 18:29:16 | MEDIUM (4) | A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4438 | 2019‑04‑03 18:29:16 | MEDIUM (7) | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4437 | 2019‑04‑03 18:29:16 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4416 | 2019‑04‑03 18:29:14 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4409 | 2019‑04‑03 18:29:14 | MEDIUM (4) | A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4392 | 2019‑04‑03 18:29:13 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4386 | 2019‑04‑03 18:29:12 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4382 | 2019‑04‑03 18:29:12 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4378 | 2019‑04‑03 18:29:12 | MEDIUM (7) | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4377 | 2019‑04‑03 18:29:12 | MEDIUM (4) | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4376 | 2019‑04‑03 18:29:12 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4375 | 2019‑04‑03 18:29:11 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4374 | 2019‑04‑03 18:29:11 | MEDIUM (4) | A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4373 | 2019‑04‑03 18:29:11 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4372 | 2019‑04‑03 18:29:11 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4361 | 2019‑04‑03 18:29:10 | MEDIUM (7) | A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4360 | 2019‑04‑03 18:29:10 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4359 | 2019‑04‑03 18:29:10 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4358 | 2019‑04‑03 18:29:10 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4345 | 2019‑04‑03 18:29:09 | MEDIUM (4) | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4328 | 2019‑04‑03 18:29:08 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4323 | 2019‑04‑03 18:29:08 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4319 | 2019‑04‑03 18:29:08 | MEDIUM (6) | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4318 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4317 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4316 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4315 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4314 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4312 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4311 | 2019‑04‑03 18:29:07 | MEDIUM (6) | The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4309 | 2019‑04‑03 18:29:07 | MEDIUM (4) | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4306 | 2019‑04‑03 18:29:06 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4299 | 2019‑04‑03 18:29:06 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4284 | 2019‑04‑03 18:29:05 | MEDIUM (7) | A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4278 | 2019‑01‑11 18:29:03 | MEDIUM (4) | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | 0 | 0 | NETWORK |
| CVE‑2018‑4273 | 2019‑04‑03 18:29:05 | MEDIUM (4) | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4272 | 2019‑04‑03 18:29:05 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4271 | 2019‑04‑03 18:29:04 | MEDIUM (4) | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4270 | 2019‑04‑03 18:29:04 | MEDIUM (4) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4269 | 2019‑04‑03 18:29:04 | MEDIUM (7) | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4267 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4266 | 2019‑04‑03 18:29:04 | MEDIUM (4) | A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4265 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4264 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4263 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4262 | 2019‑01‑11 18:29:03 | MEDIUM (7) | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. | 0 | 0 | NETWORK |
| CVE‑2018‑4261 | 2019‑04‑03 18:29:03 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4246 | 2018‑06‑08 18:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion. | 0 | 0 | NETWORK |
| CVE‑2018‑4233 | 2018‑06‑08 18:29:02 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 3 | 6 | NETWORK |
| CVE‑2018‑4232 | 2018‑06‑08 18:29:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4222 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | 0 | 0 | NETWORK |
| CVE‑2018‑4218 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | 0 | 0 | NETWORK |
| CVE‑2018‑4214 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4213 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4212 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4210 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4209 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4208 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4207 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4204 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4201 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4200 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. | 0 | 0 | NETWORK |
| CVE‑2018‑4199 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4197 | 2019‑04‑03 18:29:03 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4192 | 2018‑06‑08 18:29:01 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. | 0 | 0 | NETWORK |
| CVE‑2018‑4191 | 2019‑04‑03 18:29:03 | MEDIUM (7) | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4190 | 2018‑06‑08 18:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | 0 | 0 | NETWORK |
| CVE‑2018‑4188 | 2018‑06‑08 18:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4165 | 2018‑04‑03 06:29:08 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4163 | 2018‑04‑03 06:29:08 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4162 | 2018‑04‑03 06:29:07 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4161 | 2018‑04‑03 06:29:07 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4147 | 2019‑01‑11 18:29:01 | MEDIUM (7) | In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. | 0 | 0 | NETWORK |
| CVE‑2018‑4146 | 2018‑04‑03 06:29:07 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4145 | 2019‑04‑03 18:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4. | 0 | 0 | NETWORK |
| CVE‑2018‑4130 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4129 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4128 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4127 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4125 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4122 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4121 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4120 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4119 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4118 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4117 | 2018‑04‑03 06:29:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4114 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4113 | 2018‑04‑03 06:29:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. | 0 | 0 | NETWORK |
| CVE‑2018‑4101 | 2018‑04‑03 06:29:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4096 | 2018‑04‑03 06:29:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4088 | 2018‑04‑03 06:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7165 | 2018‑04‑03 06:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7160 | 2017‑12‑27 17:08:25 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7157 | 2017‑12‑27 17:08:24 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7156 | 2017‑12‑27 17:08:24 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7153 | 2018‑04‑03 06:29:02 | MEDIUM (6) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. | 0 | 0 | NETWORK |
| CVE‑2017‑7120 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7117 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7111 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7109 | 2017‑10‑23 01:29:13 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. | 0 | 0 | NETWORK |
| CVE‑2017‑7107 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7104 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7102 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7100 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7099 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7098 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7096 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7095 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7094 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7093 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7092 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7091 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7090 | 2017‑10‑23 01:29:12 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. | 0 | 0 | NETWORK |
| CVE‑2017‑7087 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7081 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7064 | 2017‑07‑20 16:29:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑7061 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7056 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7055 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7052 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7049 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7048 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7046 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7043 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7042 | 2017‑07‑20 16:29:02 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7041 | 2017‑07‑20 16:29:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7040 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7039 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7037 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7034 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7030 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7020 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7019 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7018 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7012 | 2017‑07‑20 16:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑6984 | 2017‑05‑22 05:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2480 | 2017‑04‑02 01:59:04 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2479 | 2017‑04‑02 01:59:04 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2463 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2366 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2356 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2355 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2354 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13885 | 2018‑04‑03 06:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13884 | 2018‑04‑03 06:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13870 | 2017‑12‑25 21:29:15 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13866 | 2017‑12‑25 21:29:14 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13856 | 2017‑12‑25 21:29:14 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13803 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13802 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13798 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13797 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13796 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13795 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13794 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13793 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13792 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13791 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13788 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13785 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13784 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13783 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7656 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7654 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7652 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7649 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7648 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7646 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7645 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7642 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7641 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7640 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7639 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7635 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7632 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7611 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7610 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7599 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. | 0 | 0 | NETWORK |
| CVE‑2016‑7598 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7592 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7589 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7587 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7586 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7578 | 2017‑02‑20 08:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4769 | 2016‑09‑25 11:00:03 | MEDIUM (7) | WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4768 | 2016‑09‑25 11:00:02 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. | 0 | 0 | NETWORK |
| CVE‑2016‑4767 | 2016‑09‑25 11:00:00 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4766 | 2016‑09‑25 10:59:59 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4765 | 2016‑09‑25 10:59:58 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4764 | 2017‑02‑20 08:59:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 3 | 6 | NETWORK |
| CVE‑2016‑4763 | 2016‑09‑25 10:59:57 | MEDIUM (5) | WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 0 | 0 | NETWORK |
| CVE‑2016‑4762 | 2016‑09‑25 10:59:56 | MEDIUM (7) | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4760 | 2016‑09‑25 10:59:55 | MEDIUM (4) | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | 0 | 0 | NETWORK |
| CVE‑2016‑4759 | 2016‑09‑25 10:59:54 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4758 | 2016‑09‑25 10:59:53 | MEDIUM (4) | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4743 | 2017‑02‑20 08:59:01 | MEDIUM (6) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4728 | 2016‑09‑25 10:59:32 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4692 | 2017‑02‑20 08:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4613 | 2017‑02‑20 08:59:00 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1728 | 2016‑02‑01 11:59:13 | MEDIUM (4) | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑7014 | 2015‑10‑23 21:59:49 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑7012 | 2015‑10‑23 21:59:47 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑7011 | 2015‑10‑23 21:59:46 | MEDIUM (7) | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑7002 | 2015‑10‑23 21:59:39 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5931 | 2015‑10‑23 21:59:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5930 | 2015‑10‑23 21:59:07 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5929 | 2015‑10‑23 21:59:06 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5928 | 2015‑10‑23 21:59:05 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5826 | 2015‑09‑18 10:59:45 | MEDIUM (4) | WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑5823 | 2015‑09‑18 10:59:42 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5822 | 2015‑09‑18 10:59:41 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5821 | 2015‑09‑18 10:59:40 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5819 | 2015‑09‑18 10:59:38 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5818 | 2015‑09‑18 10:59:37 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5817 | 2015‑09‑18 10:59:36 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5816 | 2015‑09‑18 10:59:35 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5815 | 2015‑09‑18 10:59:34 | MEDIUM (7) | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5814 | 2015‑09‑18 10:59:33 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5813 | 2015‑09‑18 10:59:32 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5812 | 2015‑09‑18 10:59:31 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5811 | 2015‑09‑18 10:59:30 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5810 | 2015‑09‑18 10:59:29 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5809 | 2015‑09‑18 10:59:28 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5808 | 2015‑09‑18 10:59:27 | MEDIUM (7) | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5807 | 2015‑09‑18 10:59:26 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5806 | 2015‑09‑18 10:59:26 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5805 | 2015‑09‑18 10:59:25 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5804 | 2015‑09‑18 10:59:24 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5803 | 2015‑09‑18 10:59:23 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5802 | 2015‑09‑18 10:59:22 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5801 | 2015‑09‑18 10:59:21 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5800 | 2015‑09‑18 10:59:20 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5799 | 2015‑09‑18 10:59:19 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5798 | 2015‑09‑18 10:59:18 | MEDIUM (7) | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5797 | 2015‑09‑18 10:59:17 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5796 | 2015‑09‑18 10:59:16 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5795 | 2015‑09‑18 10:59:15 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5794 | 2015‑09‑18 10:59:13 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5793 | 2015‑09‑18 10:59:12 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5792 | 2015‑09‑18 10:59:11 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5791 | 2015‑09‑18 10:59:10 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5790 | 2015‑09‑18 10:59:09 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5789 | 2015‑09‑18 10:59:08 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2014‑4465 | 2014‑12‑10 21:59:03 | MEDIUM (5) | WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. | 0 | 0 | NETWORK |
| CVE‑2014‑3192 | 2014‑10‑08 10:55:06 | HIGH (8) | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2014‑1300 | 2014‑03‑26 14:55:06 | HIGH (10) | Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014. | 0 | 0 | NETWORK |
| CVE‑2012‑5851 | 2012‑11‑15 11:58:40 | MEDIUM (4) | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. | 0 | 0 | NETWORK |
| CVE‑2012‑3695 | 2012‑07‑25 19:55:06 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | 0 | 0 | NETWORK |
| CVE‑2012‑3691 | 2012‑07‑25 19:55:06 | MEDIUM (6) | WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑1521 | 2012‑05‑01 10:12:04 | MEDIUM (7) | Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2012‑0637 | 2012‑03‑08 22:55:04 | HIGH (8) | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 0 | 0 | NETWORK |
| CVE‑2012‑0636 | 2012‑03‑08 22:55:04 | HIGH (8) | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 0 | 0 | NETWORK |
| CVE‑2011‑4692 | 2011‑12‑07 19:55:03 | MEDIUM (5) | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | 0 | 0 | NETWORK |
| CVE‑2011‑3971 | 2012‑02‑09 04:10:29 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. | 0 | 0 | NETWORK |
| CVE‑2011‑3969 | 2012‑02‑09 04:10:29 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. | 0 | 0 | NETWORK |
| CVE‑2011‑3968 | 2012‑02‑09 04:10:29 | MEDIUM (4) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. | 0 | 0 | NETWORK |
| CVE‑2011‑3966 | 2012‑02‑09 04:10:29 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. | 0 | 0 | NETWORK |
| CVE‑2011‑3958 | 2012‑02‑09 04:10:29 | MEDIUM (7) | Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3928 | 2012‑01‑24 04:03:37 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3926 | 2012‑01‑24 04:03:36 | HIGH (8) | Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3924 | 2012‑01‑24 04:03:36 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. | 0 | 0 | NETWORK |
| CVE‑2011‑3913 | 2011‑12‑13 21:55:01 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3909 | 2011‑12‑13 21:55:01 | MEDIUM (5) | The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3908 | 2011‑12‑13 21:55:01 | MEDIUM (5) | Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3897 | 2011‑11‑11 11:55:03 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing. | 0 | 0 | NETWORK |
| CVE‑2011‑3888 | 2011‑10‑25 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in. | 0 | 0 | NETWORK |
| CVE‑2011‑3887 | 2011‑10‑25 19:55:02 | MEDIUM (5) | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3885 | 2011‑10‑25 19:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. | 0 | 0 | NETWORK |
| CVE‑2011‑3881 | 2011‑10‑25 19:55:02 | MEDIUM (4) | WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. | 0 | 0 | NETWORK |
| CVE‑2011‑3845 | 2012‑03‑08 04:15:03 | HIGH (8) | Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins. | 0 | 0 | NETWORK |
| CVE‑2011‑3443 | 2012‑03‑02 00:55:02 | HIGH (8) | Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules. | 0 | 0 | NETWORK |
| CVE‑2011‑3234 | 2011‑09‑19 12:02:57 | MEDIUM (5) | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3081 | 2012‑05‑01 10:12:04 | HIGH (9) | Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078. | 0 | 0 | NETWORK |
| CVE‑2011‑3078 | 2012‑05‑01 10:12:04 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081. | 0 | 0 | NETWORK |
| CVE‑2011‑3076 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3075 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands. | 0 | 0 | NETWORK |
| CVE‑2011‑3074 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media. | 0 | 0 | NETWORK |
| CVE‑2011‑3073 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources. | 0 | 0 | NETWORK |
| CVE‑2011‑3071 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3069 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. | 0 | 0 | NETWORK |
| CVE‑2011‑3068 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes. | 0 | 0 | NETWORK |
| CVE‑2011‑3067 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3064 | 2012‑03‑30 22:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. | 0 | 0 | NETWORK |
| CVE‑2011‑3060 | 2012‑03‑30 22:55:02 | MEDIUM (7) | Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3059 | 2012‑03‑30 22:55:01 | MEDIUM (7) | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3056 | 2012‑03‑22 16:55:01 | MEDIUM (7) | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | 0 | 0 | NETWORK |
| CVE‑2011‑3053 | 2012‑03‑22 16:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | 0 | 0 | NETWORK |
| CVE‑2011‑3050 | 2012‑03‑22 16:55:01 | MEDIUM (7) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | 0 | 0 | NETWORK |
| CVE‑2011‑3046 | 2012‑03‑09 00:55:01 | HIGH (10) | The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | 0 | 0 | NETWORK |
| CVE‑2011‑3044 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3043 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3042 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections. | 0 | 0 | NETWORK |
| CVE‑2011‑3041 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes. | 0 | 0 | NETWORK |
| CVE‑2011‑3040 | 2012‑03‑05 19:55:02 | MEDIUM (4) | Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3039 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3038 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3037 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3036 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3035 | 2012‑03‑05 19:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3034 | 2012‑03‑05 19:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document. | 0 | 0 | NETWORK |
| CVE‑2011‑3032 | 2012‑03‑05 19:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values. | 0 | 0 | NETWORK |
| CVE‑2011‑3027 | 2012‑02‑16 20:55:04 | MEDIUM (4) | Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3021 | 2012‑02‑16 20:55:04 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. | 0 | 0 | NETWORK |
| CVE‑2011‑3016 | 2012‑02‑16 20:55:03 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. | 0 | 0 | NETWORK |
| CVE‑2011‑2877 | 2011‑10‑04 20:55:02 | MEDIUM (7) | Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." | 0 | 0 | NETWORK |
| CVE‑2011‑2860 | 2011‑09‑19 12:02:56 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. | 0 | 0 | NETWORK |
| CVE‑2011‑2857 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. | 0 | 0 | NETWORK |
| CVE‑2011‑2855 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | 0 | 0 | NETWORK |
| CVE‑2011‑2854 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." | 0 | 0 | NETWORK |
| CVE‑2011‑2847 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑2846 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. | 0 | 0 | NETWORK |
| CVE‑2011‑2845 | 2011‑10‑25 19:55:01 | MEDIUM (4) | Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑2827 | 2011‑08‑29 15:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. | 0 | 0 | NETWORK |
| CVE‑2011‑2825 | 2011‑08‑29 15:55:02 | HIGH (9) | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. | 0 | 0 | NETWORK |
| CVE‑2011‑2823 | 2011‑08‑29 15:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. | 0 | 0 | NETWORK |
| CVE‑2011‑2819 | 2011‑08‑03 00:55:03 | MEDIUM (7) | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI. | 0 | 0 | NETWORK |
| CVE‑2011‑2818 | 2011‑08‑03 00:55:03 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering. | 0 | 0 | NETWORK |
| CVE‑2011‑2805 | 2011‑08‑03 00:55:03 | MEDIUM (7) | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑2800 | 2011‑08‑03 00:55:02 | MEDIUM (4) | Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑2799 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling. | 0 | 0 | NETWORK |
| CVE‑2011‑2797 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching. | 0 | 0 | NETWORK |
| CVE‑2011‑2792 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal. | 0 | 0 | NETWORK |
| CVE‑2011‑2790 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles. | 0 | 0 | NETWORK |
| CVE‑2011‑2788 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑2359 | 2011‑08‑03 00:55:01 | MEDIUM (7) | Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑2351 | 2011‑06‑29 17:55:04 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | 0 | 0 | NETWORK |
| CVE‑2011‑1451 | 2011‑05‑03 22:55:02 | HIGH (8) | Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | 0 | 0 | NETWORK |
| CVE‑2011‑1449 | 2011‑05‑03 22:55:02 | MEDIUM (7) | Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1440 | 2011‑05‑03 22:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. | 0 | 0 | NETWORK |
| CVE‑2011‑1296 | 2011‑03‑25 19:55:01 | HIGH (8) | Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1295 | 2011‑03‑25 19:55:01 | HIGH (8) | WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1293 | 2011‑03‑25 19:55:01 | HIGH (8) | Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1204 | 2011‑03‑11 02:01:20 | MEDIUM (7) | Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑1203 | 2011‑03‑11 02:01:20 | HIGH (8) | Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1190 | 2011‑03‑11 02:01:19 | MEDIUM (5) | The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | 0 | 0 | NETWORK |
| CVE‑2011‑1188 | 2011‑03‑11 02:01:19 | HIGH (8) | Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1121 | 2011‑03‑01 23:00:04 | HIGH (8) | Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element. | 0 | 0 | NETWORK |
| CVE‑2011‑1117 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes." | 0 | 0 | NETWORK |
| CVE‑2011‑1115 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1114 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | 0 | 0 | NETWORK |
| CVE‑2011‑1109 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1107 | 2011‑03‑01 23:00:03 | MEDIUM (4) | Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑0983 | 2011‑02‑10 19:00:02 | HIGH (8) | Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑0981 | 2011‑02‑10 19:00:02 | HIGH (8) | Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑0244 | 2011‑07‑21 23:55:02 | MEDIUM (4) | WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. | 0 | 0 | NETWORK |
| CVE‑2011‑0161 | 2011‑03‑11 22:55:03 | MEDIUM (4) | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑0132 | 2011‑03‑03 20:00:02 | HIGH (8) | Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0115 | 2011‑03‑03 20:00:02 | HIGH (8) | The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | 0 | 0 | NETWORK |
| CVE‑2010‑4494 | 2010‑12‑07 21:00:10 | HIGH (8) | Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | 0 | 0 | NETWORK |
| CVE‑2010‑4008 | 2010‑11‑17 01:00:03 | MEDIUM (4) | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 0 | 0 | NETWORK |
| CVE‑2010‑3822 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3821 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3819 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3817 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3638 | 2010‑11‑07 22:00:02 | MEDIUM (4) | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2010‑3259 | 2010‑09‑07 18:00:03 | MEDIUM (4) | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3257 | 2010‑09‑07 18:00:03 | HIGH (9) | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. | 0 | 0 | NETWORK |
| CVE‑2010‑3116 | 2010‑08‑24 20:00:02 | HIGH (10) | Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. | 0 | 0 | NETWORK |
| CVE‑2010‑2264 | 2010‑06‑11 19:30:24 | MEDIUM (4) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1823 | 2010‑09‑24 19:00:04 | HIGH (9) | Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. | 0 | 0 | NETWORK |
| CVE‑2010‑1822 | 2010‑10‑04 21:00:04 | HIGH (9) | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. | 3 | 6 | NETWORK |
| CVE‑2010‑1784 | 2010‑07‑30 20:30:02 | HIGH (9) | The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1770 | 2010‑06‑11 19:30:20 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | 0 | 0 | NETWORK |
| CVE‑2010‑1749 | 2010‑06‑11 18:00:49 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. | 0 | 0 | NETWORK |
| CVE‑2010‑1417 | 2010‑06‑11 18:00:49 | HIGH (9) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors. | 0 | 0 | NETWORK |
| CVE‑2010‑1401 | 2010‑06‑11 18:00:29 | HIGH (9) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. | 0 | 0 | NETWORK |
| CVE‑2010‑1393 | 2010‑06‑11 18:00:24 | MEDIUM (4) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. | 0 | 0 | NETWORK |
| CVE‑2010‑1390 | 2010‑06‑11 18:00:21 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1029 | 2010‑03‑19 21:30:00 | MEDIUM (5) | Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. | 0 | 0 | NETWORK |
| CVE‑2010‑0651 | 2010‑02‑18 18:00:01 | MEDIUM (4) | WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2010‑0650 | 2010‑02‑18 18:00:01 | LOW (3) | WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | 0 | 0 | NETWORK |
| CVE‑2010‑0053 | 2010‑03‑15 14:15:32 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. | 0 | 0 | NETWORK |
| CVE‑2010‑0046 | 2010‑03‑15 13:28:26 | HIGH (9) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. | 0 | 0 | NETWORK |
| CVE‑2010‑0043 | 2010‑03‑15 13:28:25 | HIGH (9) | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | 0 | 0 | NETWORK |
| CVE‑2010‑0042 | 2010‑03‑15 13:28:25 | MEDIUM (4) | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. | 0 | 0 | NETWORK |
| CVE‑2010‑0041 | 2010‑03‑15 13:28:25 | MEDIUM (4) | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | 0 | 0 | NETWORK |
| CVE‑2010‑0040 | 2010‑03‑15 13:28:25 | HIGH (9) | Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | 0 | 0 | NETWORK |
Get the IT stuff done that nobody wants to do.
Patch more applications, achieve compliance, and prevent problems while reducing stress with Lavawall®.
Security First
A security tool by security auditors. From Passkeys and Argon2i to source validation and MVSP principles, Lavawall® has you covered.
Constant Improvement
More features and more security added nearly every day.
More patchable programs added every week
While Ninite and other patching tools have had the same patch offerings for decades, we're monitoring stats to keep adding the most useful programs (currently over 7,438)!
Details matter
From wrapping TLS communications in extra encryption and uninstalling remote support tools when they aren't used to detailed statistical analysis of system and network performance, Lavawall® goes in-depth.
Human and automated support
Get immediate fixes, user notifications, admin notifications -- and even security-certified human level 3 support when our advanced statistical analysis confirms a problem or anomaly.
We are constantly improving the Lavawall® tools to add more value. Some of our most recent changes include:
| 2025‑01‑29 | 0.12.35.222 | Risk score refinements |
| 2025‑01‑17 | 0.12.29.216 | Enhanced compliance and non-standard AV |
| 2025‑01‑13 | 0.12.28.215 | Improved process graphs |
| 2025‑01‑07 | 0.12.27.214 | Antivirus details, compliance |
| 2024‑12‑27 | 0.12.24.211 | |
| 2024‑12‑02 | 0.12.19.206 | |
| 2024‑11‑22 | 0.12.18.205 | |
| 2024‑10‑30 | 0.12.8.195 | Mac update refinements |
| 2024‑10‑25 | 0.12.3.190 | |
| 2024‑10‑21 | 0.12.0.187 | Macos implementaiton, linux and windows improvements |
| 2024‑10‑16 | 0.11.128.186 | Linux stats and system information improvements, improvements for application shutdown |
| 2024‑09‑12 | 0.11.113.171 | CPU Optimizations and Packages reliability improvements |
| 2024‑09‑05 | 0.11.106.164 | Phased deployment enhancements |
| 2024‑09‑04 | 0.11.103.161 | |
| 2024‑09‑02 | 0.11.102.160 | CPU Optimizations and Packages reliability improvements |
| 2024‑08‑30 | 0.11.99.157 | CPU Optimizations and Packages reliability improvements |
| 2024‑08‑29 | 0.11.98.156 | CPU utilization and console event optimization |
| 2024‑08‑28 | 0.11.97.155 | Reliability to detect unusual updates like redistributables. |
| 2024‑08‑27 | 0.11.96.154 | |
| 2024‑08‑26 | 0.11.95.153 | Faster response for reboot requests |
| 2024‑08‑20 | 0.11.92.150 | Additional package upgrade pre-requisites |
| 2024‑08‑15 | 0.11.89.147 | |
| 2024‑08‑06 | 0.11.87.145 | |
| 2024‑07‑26 | 0.11.83.141 | Add resiliency for MAC duplicates and uptime |
| 2024‑07‑25 | 0.11.82.140 | Changes to facilitate cross-platform use. Bitlocker and Windows key refinements |
| 2024‑07‑15 | 0.11.80.138 | Antivirus and temperature added to configuration checks |
| 2024‑07‑15 | 0.11.79.137 | Add configuration checks for execution policy and secure boot |
| 2024‑07‑11 | 0.11.77.135 | load balancing refinements |
| 2024‑07‑10 | 0.11.76.134 | Add additional load balancing and data residency capabilities, add randomness to recurring task timings to decrease server load |
| 2024‑07‑05 | 0.11.74.132 | changes to graph and residual work on user imporsonation |
| 2024‑07‑04 | 0.11.73.131 | Add configuration checks for execution policy and secure boot. |
| 2024‑07‑03 | 0.11.72.130 | Enhanced event log monitoring |
| 2024‑07‑02 | 0.11.71.129 | Add details to Windows updates, enhanced risk metrics for application patches |
| 2024‑06‑19 | 0.11.65.123 | Update resiliancy and garbage collection |
| 2024‑06‑13 | 0.11.60.118 | Enhanced logging |
| 2024‑06‑12 | 0.11.55.113 | Include the primary drive serial number; MAC addresses for built-in wireless, Bluetooth, and ethernet into the device hash to restore uninstalled and reinstalled devices in cases where the motherboard serial is not unique |
| 2024‑06‑07 | 0.11.54.112 | Patch and package uninstall data addition |
| 2024‑06‑05 | 0.11.47.105 | refine per-user registry application listing |
| 2024‑06‑02 | 0.11.45.103 | uninstall and reinstall refinements, refine local logging, refine self-update and uninstall timing |
| 2024‑05‑30 | 0.11.21.79 | various bug fixes and improvements |
| 2024‑05‑28 | 0.11.16.74 | Error logging, registration, and uninstall improvements. |
| 2024‑05‑24 | 0.11.14.72 | applied changes for devices and login commands, changes for registration as well |
| 2024‑05‑22 | 0.11.13.71 | Add Windows computer model, improve Operating System parsing |
| 2024‑05‑21 | 0.11.11.69 | Added additional states for Windows update, flexibility for non-standard program file configurations, support for network diagrams at the switch level, details for Windows editions |
| 2024‑05‑21 | 0.11.10.68 | Add specific cases for Defender patterns and Composer versions. |
| 2024‑05‑17 | 0.11.3.61 | Change Log storage location to c:\program files\Lavawall |
| 2024‑05‑17 | 0.11.1.59 | self-update improvements. |
| 2024‑05‑16 | 0.8.0.55 | error log reporting and management. |
| 2024‑05‑15 | 0.7.0.54 | Websocket resiliency improvements |
| 2024‑05‑09 | 0.6.0.53 | Error log reporting and management. |
Although the Linux agent code base is mature, dating back to 2006, we're still constantly improving it to add value and compatibility for new distributions. Some of our most recent changes include:
NOTE: changes after June 2024 are incorportated into the Windows Changelog as the codebases for Windows, Linux, and Mac were combined
NOTE: changes after June 2024 are incorportated into the Windows Changelog as the codebases for Windows, Linux, and Mac were combined
| 2024‑05‑20 | 253 | Added cleanup of old .json files during a re-install |
| 2024‑05‑13 | 252 | Added apt-get update to install |
| 2024‑05‑06 | 248 | Allow restart to use /var/run/reboot-required if needrestart is not installed |
| 2024‑04‑22 | 239 | Improve internal update and version tracking |
| 2024‑04‑15 | 235 | Add support for Yum packages |
| 2024‑04‑08 | 233 | Align patching with Windows patch reporting |
| 2024‑04‑02 | 228 | Add support for needrestart |
| 2024‑03‑04 | 224 | Schedule restarts |
| 2024‑03‑25 | 221 | Add support for apt packages |
| 2024‑03‑18 | 212 | Implement release management |
| 2024‑03‑11 | 202 | Add user login monitoring |
| 2024‑03‑04 | 189 | Enhance installation reliability |
| 2024‑02‑26 | 187 | Exapand triggers to identify if the instance needs to be restarted |
| 2024‑02‑19 | 146 | Improve compatibility for non-AWS instances |
| 2024‑02‑14 | 138 | Add self-uninstall capabilities |
| 2024‑02‑12 | 135 | Enhance scheduling flexibility |
| 2024‑02‑07 | 132 | Add kernel version tracking |
| 2024‑02‑05 | 124 | Add device hash to cryptographic self-update script validation |
| 2024‑01‑29 | 107 | Enhance encryption of patch data |
| 2024‑01‑22 | 98 | Improve how available storage is calculated |
| 2024‑01‑15 | 97 | Move initial tasks from installation file to sub scripts |
| 2024‑05‑21 | 91 | Improve multi-distribution compatibility |
| 2024‑05‑21 | 79 | Improve encryption reliability |
| 2023‑12‑11 | 68 | Enhance cryptographic validation of new scripts before updating |
| 2023‑11‑20 | 62 | Add inner layer of AES encryption in case TLS inspection doesn't allow for a secure connection |
| 2023‑11‑27 | 56 | Additional base cases for resiliancy |
| 2023‑11‑20 | 54 | Additional headers added to authentication process during installation. |
| 2023‑11‑20 | 53 | Enhanced key management |
| 2023‑11‑15 | 51 | Add insecure installation parameter to allow installation in environments with TLS inspection or other machine-in-the-middle situations. |
| 2023‑11‑06 | 42 | Enhance redundant encryption during installation. |
| 2023‑10‑30 | 33 | Improve install-over compatibility |
| 2023‑10‑23 | 18 | Add reboot configuration and scheduling |
| 2023‑10‑23 | 17 | Add self-updating functionality. |
| 2023‑10‑16 | 15 | Add Linux patching information for apt |
| 2023‑10‑09 | 14 | Collect system information |
| 2023‑10‑09 | 13 | Add Linux distribution information |
| 2023‑09‑30 | 12 | Add memory monitoring |
| 2023‑09‑30 | 10 | Add hardware information |
| 2023‑09‑23 | 9 | Add AWS information |
| 2023‑09‑23 | 8 | Add customized schedule capability for configuration updates |
| 2023‑09‑23 | 7 | Add support for package monitoring using package and dpkg logs |
| 2023‑09‑16 | 6 | Add storage data configuration gathering |
| 2023‑09‑16 | 5 | Add CPU information |
Lavawall®'s data gathering approach started with Government and Fortune 50 information security audits. When our founder transitioned from audit and assurance work to a Managed IT Service Provider (MSP), he was shocked that basics like Multi-Factor Authentication were painful to implement in some RMMs like ConnectWise and it was impossible to turn off remote access services in others like Datto RMM and SuperOps.
Lavawall® was built from the ground up with these concerns and the Minimum Viable Secure Product requirements in mind.
Some of the controls we implemented include:
Lavawall® was built from the ground up with these concerns and the Minimum Viable Secure Product requirements in mind.
Some of the controls we implemented include:
- PassKeys as the preferred primary authentication at no additional cost
- Single Sign-on using modern, maintained, and industry-standard protocols for all customers at no additional cost
- Multi-Factor Authentication as a non-negotiable default
- Encrypting communications the same way as TLS again within the TLS tunnel, so we can allow TLS inspection without breaking like Huntress or disclosing security vulnerabilities to eavesdroppers.
- Encouraging external vulnerability reports and customer testing
- Passwords checked against popular disclosed passwords, hashed before they leave your computer, and then stored using Argon2id
- Not requiring the use of passwords at all. We consider them a temporary backup authentication in case you can't use passkeys or SSO.
Lavawall® scanning computers are on dedicated servers in Calgary, Alberta, Canada.
Lavawall® databases and front-end systems are hosted with AWS in Montréal, Québec, Canada.
We send emails through AWS in Ireland and dedicated servers in Calgary, Alberta, Canada.
We send text messages for additional identity verification through Twilio in the United States.
We store executables and pass requests through Cloudflare at your nearest edge location.
We use Cloudflare for risk management, turnstile, and web application firewall services.
We use LeadPages for landing pages.
We use Google and Facebook for analytics on our public-facing pages, but they do not have access to the console.
We integrate with third-party tools, such as Microsoft, Google, Huntress, Screen Connect, Axcient, and Datto in their respective locations. However, you must initiate these integrations through single sign-on or by enabling them in your Lavawall® console.
Lavawall® databases and front-end systems are hosted with AWS in Montréal, Québec, Canada.
We send emails through AWS in Ireland and dedicated servers in Calgary, Alberta, Canada.
We send text messages for additional identity verification through Twilio in the United States.
We store executables and pass requests through Cloudflare at your nearest edge location.
We use Cloudflare for risk management, turnstile, and web application firewall services.
We use LeadPages for landing pages.
We use Google and Facebook for analytics on our public-facing pages, but they do not have access to the console.
We integrate with third-party tools, such as Microsoft, Google, Huntress, Screen Connect, Axcient, and Datto in their respective locations. However, you must initiate these integrations through single sign-on or by enabling them in your Lavawall® console.
Active security by design
Lavawall® is under active development with the latest release including:
7,438+
Monitored Applications
61+
System Metrics
Actively manage your IT with Lavawall®
Patching
Updates Beyond Windows
Lavawall® prevents the 80% of breaches and failed audits due to missing patches and updates.
You can reduce application patching delays from 67 days to nearly immediate with the 350+ applications that Lavawall® monitors and patches.
Patch release monitoring
Monitor everything without having to select packages or “managed applications”
Patch impact classification
Standard and optional Windows patches
Application Patching
Some of the applications that Lavawall® monitors and audits include:
Logos are property of their respective trademark holders and are not affiliated with ThreeShield or Lavawall. We have not audited the security of most of the listed tools.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.
Learn More
Flexible Term; Flexible Service
Flexibility for your dynamic business
You need to get your arms around compliance and security and don't want to get locked into “high watermark” monthly invoices or multi-year contracts.
Pay-as-you-need monthly pricing
DIY, full management, and coaching options
CMMI, PCI, SOC2, Canadian Cybersecurity, Minimum Viable Secure Product, and other compliance support
Choose the plan that's right for you
Simple pricing. No hidden fees. Advanced features for you business.
Month
Annual
Get 2 months free with Annual!
DIY
Security-focused RMM
C$3.25 /computer/Month
C$32.50 /computer/Year
-
1 computer
or 1 of the following cloud integrations:
AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
(each integration counts as 1 computer) -
50+ application patches
-
30-day Logs
-
Security configuration monitoring
-
Anomaly detection
-
CMMI, MVSP, CyberCanda compliance
-
Lavawall® support
-
Sophos MDR: C$13.50/desktopSophos MDR: C$162/desktop
-
Huntress: C$5.40/deviceHuntress: C$64.80/device
-
Available white-label support for end users
-
Level 3+ IT support for IT
-
Weekly IT coaching sessions
Popular
Managed Security & Support
Unlimited end-user support
C$160 /user/Month
C$1,600 /user/Year
-
1 computer/user
Additional devices charged at DIY prices -
AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
-
350+ application patches
-
90-day Logs
-
Security configuration monitoring
-
Anomaly detection
-
CMMI, MVSP, CyberCanda compliance
-
Lavawall® support
-
Sophos MDR Essentials
-
Huntress
-
White-label email and phone support for end users
-
Level 3+ IT support for IT
-
Weekly IT coaching sessions
-
Automatic discount and upgrade to Support & Coaching after 15 users
Support & Coaching
Improve your IT performance
$2,250 /Month
$22,500 /Year
-
25 computers included
Additional computers charged at DIY prices -
AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
-
350+ application patches
-
90-day Logs
-
Security configuration monitoring
-
Anomaly detection
-
CMMI, MVSP, CyberCanda compliance
-
Lavawall®-only support
-
Sophos MDR Essentials
-
Huntress
-
White-label email and phone support for 15 users included Additional: C$150/user Additional: C$1,500/user
-
L3 IT support for IT
-
Weekly IT coaching sessions
Frequently Asked Questions
If you can not find answer to your question in our FAQ, you can always contact us or email us. We will answer you shortly!
General Questions
The three big catalysts for Lavawall® were:
- Two years after a missing Plex Media Server led to the LastPass breach, the
Remote Monitorign and Management (RMM) tools availabel for Manged IT Service Providers (MSPs)
still didn't monitor for it.
Going through industry-specific applications, we noticed many were missing from the big RMM and patching providers. MSPs, insurance providers, and organizations that put their cleints at risk need to know about these risks, which lead to the largest number of critical audit findings and breaches - After 20 years of writing the same audit findings about system configurations, Payment Card Industry (PCI) compliance, and missing patches, our technical co-founder wanted to make it easier fo avoid these findings
- The existing risk visibility tools for insurance underwriters took a shallow look at Internet-facing risks. They -- along with all businesses -- need a deeper view of the threats that could actually lead to breaches.
Lavawall® breaks vulnerabilities into the following groups:
- Domain risks
- Operating System (OS) patches
- Application patches
- Network vulnerabilities
- Cloud vulnerabilities
- OS configurations
Yes!
You can use your own logo for the console and notifications. You can also use a CNAME to automatically brand your console.
Note: you cannot currently re-proxy the CNAME to Lavawall® through Cloudflare.
You can use your own logo for the console and notifications. You can also use a CNAME to automatically brand your console.
Note: you cannot currently re-proxy the CNAME to Lavawall® through Cloudflare.
Yes!
Lavawall® supports the following operating systems:All versions of Windows 10 and 11.
Debian, Ubuntu, Mint, and RedHat-based Linux distributions
MacOS
Lavawall® does not currently support non systemd distributions, such as Devuan, Artix Linux, PCLinuxOS, OpenWRT, and DD-WRT. However, we will support them by the end of 2024.
In June 2024, we combined the Windows and Linux systems for a consistent experience. This added support for RedHat and MacOS.
Lavawall® supports the following operating systems:
Lavawall® does not currently support non systemd distributions, such as Devuan, Artix Linux, PCLinuxOS, OpenWRT, and DD-WRT. However, we will support them by the end of 2024.
In June 2024, we combined the Windows and Linux systems for a consistent experience. This added support for RedHat and MacOS.
Privacy & Security
We encourage primary authentication for Lavawall® through Passkeys or Single Sign On (SSO).
However, we do allow passwords and use passwords as part of the zero-knowledge encryption for your clients' sensitive data, such as Bitlocker keys and Personally-Identifiable Information (PII).
These passwords use Argon2id slow hashes with individual salts and peppers.
However, we do allow passwords and use passwords as part of the zero-knowledge encryption for your clients' sensitive data, such as Bitlocker keys and Personally-Identifiable Information (PII).
These passwords use Argon2id slow hashes with individual salts and peppers.
Yes! Lavawall communicates with its endpoints through TLS. However, given that many of our clients want to be as secure as possible and have
TLS inspection enabled, we allow for "insecure" connections with invalid certificates, which result from such configurations.
We have added an additional secure tunnel that mimics the TLS process within the public TLS tunnel. This extra tunnel provides authentication and privacy for the workstations and the Lavawall® servers to prevent attacks such as the one that took down Solar Winds.
We have added an additional secure tunnel that mimics the TLS process within the public TLS tunnel. This extra tunnel provides authentication and privacy for the workstations and the Lavawall® servers to prevent attacks such as the one that took down Solar Winds.
We do not enable remote access tools like ScreenConnect unless you authorize them
and are logged in. Lavawall® was not vulnerable to the ScreenConnect vulnerability
because we install and uninstall it right before it's used. In addition, we give the option of linking to Access.
Remote access is not enabled for read-only and audit situations.
Remote access is not enabled for read-only and audit situations.
Lavawall®'s designer holds a CISSP and CISA. In addition, we have external and internal security reviews.
Get In Touch
Have a quick question and don't want to talk? Send us a quick note with the form below and we'll reply within one business day.
NW Calgary:
(By Appointment Only)
ThreeShield Information Security Corporation
600 Crowfoot Crescent N.W., Suite 340
Calgary, Alberta
T3G 0B4
ThreeShield Information Security Corporation
600 Crowfoot Crescent N.W., Suite 340
Calgary, Alberta
T3G 0B4
SE Calgary:
(By Appointment Only)
ThreeShield Information Security Corporation
105, 11500 - 29th St. SE
Calgary, Alberta
T2Z 3W9
Canada
ThreeShield Information Security Corporation
105, 11500 - 29th St. SE
Calgary, Alberta
T2Z 3W9
Canada
Phone
Sales Hours:
9:00am to 5:00pm Mountain Time
Support Hours:
7:00am to 7:00pm Mountain Time
On-Call Support Hours:
24/7