Max CVSS 10.0 Min CVSS 2.1 Total Count31
IDCVSSSummaryLast (major) updatePublished
CVE-2018-4293 5.0
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4291 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4289 7.1
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4288 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4287 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4286 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4285 9.3
A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4283 4.9
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4280 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4276 5.0
A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4269 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4268 10.0
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4259 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4248 5.0
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4178 2.1
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4277 5.0
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-5383 4.3
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generat
07-08-2018 - 17:29 07-08-2018 - 17:29
CVE-2018-3665 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-6913 7.5
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
18-04-2018 - 21:29 17-04-2018 - 16:29
CVE-2018-6797 7.5
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
17-04-2018 - 16:29 17-04-2018 - 16:29
CVE-2018-8780 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional director
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-8779 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-8778 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-8777 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-6914 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files vi
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2017-17742 5.0
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2017-17405 9.3
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command followi
15-12-2017 - 04:29 15-12-2017 - 04:29
CVE-2017-14033 5.0
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
19-09-2017 - 13:29 19-09-2017 - 13:29
CVE-2017-10784 9.3
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted
19-09-2017 - 13:29 19-09-2017 - 13:29
CVE-2017-0898 6.4
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information discl
15-09-2017 - 15:29 15-09-2017 - 15:29
CVE-2017-14064 7.5
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning
31-08-2017 - 13:29 31-08-2017 - 13:29
Back to Top Mark selected
Back to Top