CWE-20 <span class="text-2xl md:text-3xl font-bold ml-2" style="color:var(--text-secondary)">— Improper Input Validation

CVE-2018-4188MEDIUMCVSS 6.5EG 6.5

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI vi…

CVE-2018-4195MEDIUMCVSS 6.5EG 6.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issu…

CVE-2018-4198MEDIUMCVSS 5.5EG 5.5

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.

CVE-2018-4202MEDIUMCVSS 5.9EG 5.9

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote at…

CVE-2018-4205MEDIUMCVSS 6.5EG 6.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.

CVE-2018-4207HIGHCVSS 8.8EG 8.8

An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

CVE-2018-4208HIGHCVSS 8.8EG 8.8

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

CVE-2018-4209HIGHCVSS 8.8EG 8.8

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

CVE-2018-4213HIGHCVSS 8.8EG 8.8

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

CVE-2018-4225MEDIUMCVSS 5.5EG 5.5

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

CVE-2018-4240MEDIUMCVSS 6.5EG 6.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The …

CVE-2018-4247MEDIUMCVSS 6.5EG 6.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote…

CVE-2018-4250MEDIUMCVSS 6.5EG 6.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage)…

CVE-2018-4254CRITICALCVSS 9.8EG 9.8

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

CVE-2018-4260MEDIUMCVSS 6.5EG 6.5

In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4274HIGHCVSS 7.5EG 7.5

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

CVE-2018-4277HIGHCVSS 7.5EG 7.5

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

CVE-2018-4279MEDIUMCVSS 5.3EG 5.3

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2018-4293MEDIUMCVSS 5.3EG 5.3

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.

CVE-2018-4295CRITICALCVSS 9.8EG 9.8

A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

CVE-2018-4303HIGHCVSS 7.8EG 7.8

An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4304MEDIUMCVSS 5.0EG 5.0

An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

CVE-2018-4305MEDIUMCVSS 6.5EG 6.5

A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4307MEDIUMCVSS 4.3EG 4.3

An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

CVE-2018-4313MEDIUMCVSS 5.5EG 5.5

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.

CVE-2018-4321MEDIUMCVSS 5.3EG 5.3

A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

CVE-2018-4322LOWCVSS 3.3EG 3.3

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.

CVE-2018-4333MEDIUMCVSS 5.5EG 5.5

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.

CVE-2018-4335MEDIUMCVSS 5.5EG 5.5

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CVE-2018-4338MEDIUMCVSS 5.5EG 5.5

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.

CVE-2018-4342MEDIUMCVSS 5.5EG 5.5

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4346MEDIUMCVSS 5.5EG 5.5

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.

CVE-2018-4348MEDIUMCVSS 5.5EG 5.5

A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4353CRITICALCVSS 9.8EG 9.8

A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4362MEDIUMCVSS 6.5EG 6.5

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4363MEDIUMCVSS 5.5EG 5.5

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.

CVE-2018-4368MEDIUMCVSS 6.5EG 6.5

An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

CVE-2018-4369HIGHCVSS 7.5EG 7.5

A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.

CVE-2018-4385MEDIUMCVSS 6.5EG 6.5

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.

CVE-2018-4389MEDIUMCVSS 6.5EG 6.5

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.

CVE-2018-4395MEDIUMCVSS 5.5EG 5.5

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.

CVE-2018-4396MEDIUMCVSS 5.5EG 5.5

This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4397MEDIUMCVSS 4.3EG 4.3

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4398HIGHCVSS 7.5EG 7.5

Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.

CVE-2018-4399MEDIUMCVSS 5.5EG 5.5

An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes …

CVE-2018-4400MEDIUMCVSS 5.5EG 5.5

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4406MEDIUMCVSS 6.5EG 6.5

A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.

CVE-2018-4417MEDIUMCVSS 5.5EG 5.5

A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.