Icloud Security Vulnerabilities and Issues — Icloud CVE List

Lucene search

AppleIcloud

50 matches found

CVE•added 2021/09/08 3:15 p.m.•296 views

CVE-2021-1825

An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site ...

6.1CVSS6.4AI score0.00178EPSS

CVE•added 2020/02/27 9:15 p.m.•267 views

CVE-2020-3867

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scri...

6.1CVSS6.2AI score0.00312EPSS

CVE•added 2020/10/16 5:15 p.m.•257 views

CVE-2020-9925

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cros...

6.1CVSS6.4AI score0.00396EPSS

CVE•added 2020/10/16 5:15 p.m.•255 views

CVE-2020-9915

An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing malici...

6.5CVSS6.8AI score0.00214EPSS

CVE•added 2019/12/18 6:15 p.m.•248 views

CVE-2019-8690

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously craf...

6.1CVSS6.1AI score0.08113EPSS

CVE•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8625

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.3AI score0.0023EPSS

CVE•added 2019/12/18 6:15 p.m.•240 views

CVE-2019-8813

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.1AI score0.00336EPSS

CVE•added 2019/12/18 6:15 p.m.•226 views

CVE-2019-8551

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.1AI score0.00861EPSS

CVE•added 2020/02/27 9:15 p.m.•224 views

CVE-2020-3862

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.

6.5CVSS6.3AI score0.00183EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8615

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

6.5CVSS7.9AI score0.00728EPSS

CVE•added 2019/12/18 6:15 p.m.•209 views

CVE-2019-8719

6.1CVSS6.2AI score0.00728EPSS

CVE•added 2019/12/18 6:15 p.m.•208 views

CVE-2019-8649

A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciou...

6.1CVSS6AI score0.0982EPSS

CVE•added 2019/12/18 6:15 p.m.•205 views

CVE-2019-8597

6.5CVSS7.8AI score0.00728EPSS

CVE•added 2019/12/18 6:15 p.m.•203 views

CVE-2019-8607

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process ...

6.5CVSS6.5AI score0.00683EPSS

CVE•added 2022/12/15 7:15 p.m.•202 views

CVE-2022-46698

A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.4AI score0.0046EPSS

CVE•added 2019/12/18 6:15 p.m.•199 views

CVE-2019-8608

6.8CVSS7.7AI score0.00767EPSS

CVE•added 2019/12/18 6:15 p.m.•197 views

CVE-2019-8658

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cro...

6.1CVSS6AI score0.00924EPSS

CVE•added 2020/04/01 6:15 p.m.•178 views

CVE-2020-3902

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site script...

6.1CVSS6.5AI score0.00322EPSS

CVE•added 2019/03/05 4:29 p.m.•177 views

CVE-2019-6229

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6AI score0.00713EPSS

CVE•added 2019/12/18 6:15 p.m.•172 views

CVE-2019-7292

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.

6.5CVSS6.4AI score0.00627EPSS

CVE•added 2019/04/03 6:29 p.m.•167 views

CVE-2018-4270

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

6.5CVSS7.1AI score0.00394EPSS

CVE•added 2019/12/18 6:15 p.m.•164 views

CVE-2019-8515

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.4AI score0.0048EPSS

CVE•added 2019/04/03 6:29 p.m.•151 views

CVE-2018-4273

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

6.5CVSS7.4AI score0.00394EPSS

CVE•added 2019/04/03 6:29 p.m.•148 views

CVE-2018-4345

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

6.1CVSS6.1AI score0.01123EPSS

CVE•added 2020/12/08 8:15 p.m.•147 views

CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.

6.5CVSS5.9AI score0.01069EPSS

CVE•added 2019/04/03 6:29 p.m.•126 views

CVE-2018-4309

6.1CVSS6.1AI score0.01123EPSS

CVE•added 2018/04/03 6:29 a.m.•116 views

CVE-2018-4117

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allow...

6.5CVSS6.2AI score0.01004EPSS

CVE•added 2017/10/23 1:29 a.m.•105 views

CVE-2017-7089

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandl...

6.1CVSS5.4AI score0.04871EPSS

CVE•added 2021/09/08 3:15 p.m.•104 views

CVE-2021-1857

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing...

6.5CVSS6.5AI score0.00605EPSS

CVE•added 2021/09/08 3:15 p.m.•103 views

CVE-2021-1811

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously ...

6.5CVSS6.3AI score0.00605EPSS

CVE•added 2018/06/08 6:29 p.m.•102 views

CVE-2018-4188

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

6.5CVSS6.2AI score0.01448EPSS

CVE•added 2018/04/03 6:29 a.m.•96 views

CVE-2018-4146

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

6.5CVSS6.1AI score0.00848EPSS

CVE•added 2018/04/03 6:29 a.m.•95 views

CVE-2018-4113

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore fu...

6.5CVSS6.1AI score0.01156EPSS

CVE•added 2017/10/23 1:29 a.m.•92 views

CVE-2017-7109

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulner...

6.1CVSS5.4AI score0.00723EPSS

CVE•added 2020/10/27 8:15 p.m.•91 views

CVE-2019-8762

A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.3AI score0.00721EPSS

CVE•added 2019/04/03 6:29 p.m.•83 views

CVE-2018-4374

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6.4AI score0.00643EPSS

CVE•added 2017/04/02 1:59 a.m.•80 views

CVE-2017-2480

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.19072EPSS

CVE•added 2018/04/03 6:29 a.m.•80 views

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" comp...

6.1CVSS5.5AI score0.00324EPSS

CVE•added 2017/02/20 8:59 a.m.•76 views

CVE-2016-7586

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web ...

6.5CVSS6AI score0.00677EPSS

CVE•added 2017/02/20 8:59 a.m.•75 views

CVE-2016-7599

6.5CVSS6.2AI score0.00427EPSS

CVE•added 2017/04/02 1:59 a.m.•72 views

CVE-2017-2479

6.5CVSS6.2AI score0.15758EPSS

CVE•added 2018/04/03 6:29 a.m.•72 views

CVE-2017-2493

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain s...

6.5CVSS6.1AI score0.00281EPSS

CVE•added 2017/02/20 8:59 a.m.•69 views

CVE-2016-4613

An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted...

6.5CVSS6.1AI score0.0059EPSS

CVE•added 2019/04/03 6:29 p.m.•68 views

CVE-2018-4377

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6AI score0.00643EPSS

CVE•added 2020/10/27 8:15 p.m.•68 views

CVE-2019-8570

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.3AI score0.00478EPSS

CVE•added 2017/10/23 1:29 a.m.•66 views

CVE-2017-7106

6.5CVSS6.2AI score0.00693EPSS

CVE•added 2019/04/03 6:29 p.m.•66 views

CVE-2018-4409

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.5CVSS6.6AI score0.00439EPSS

CVE•added 2017/02/20 8:59 a.m.•60 views

CVE-2016-7598

6.5CVSS5.9AI score0.00569EPSS

CVE•added 2019/04/03 6:29 p.m.•59 views

CVE-2018-4271

6.5CVSS7.4AI score0.00333EPSS

CVE•added 2019/04/03 6:29 p.m.•40 views

CVE-2018-4439

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

6.5CVSS6.6AI score0.00344EPSS