| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-26764 |
787 |
|
Exec Code Mem. Corr. Bypass |
2022-05-26 |
2022-06-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. |
|
2 |
CVE-2022-26703 |
862 |
|
|
2022-05-26 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. |
|
3 |
CVE-2022-22671 |
|
|
|
2022-03-18 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. |
|
4 |
CVE-2022-22622 |
668 |
|
|
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
|
5 |
CVE-2022-22621 |
200 |
|
+Info |
2022-03-18 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
|
6 |
CVE-2022-22599 |
732 |
|
+Info |
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. |
|
7 |
CVE-2022-22598 |
668 |
|
|
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access. |
|
8 |
CVE-2021-30967 |
|
|
|
2021-08-24 |
2021-12-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information. |
|
9 |
CVE-2021-30956 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information. |
|
10 |
CVE-2021-30948 |
522 |
|
|
2021-08-24 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. |
|
11 |
CVE-2021-30932 |
|
|
|
2021-08-24 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access contacts from the lock screen. |
|
12 |
CVE-2021-30921 |
668 |
|
|
2021-08-24 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. |
|
13 |
CVE-2021-30918 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A Lock Screen issue was addressed with improved state management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.0.1 and iPadOS 15.0.1. A user may be able to view restricted content from the Lock Screen. |
|
14 |
CVE-2021-30915 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field. |
|
15 |
CVE-2021-30898 |
668 |
|
|
2021-08-24 |
2022-03-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. |
|
16 |
CVE-2021-30875 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen. |
|
17 |
CVE-2021-30871 |
|
|
|
2021-08-24 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data. |
|
18 |
CVE-2021-30816 |
|
|
|
2021-10-28 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. |
|
19 |
CVE-2021-30815 |
|
|
|
2021-10-19 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen. |
|
20 |
CVE-2021-30811 |
|
|
|
2021-10-19 |
2022-02-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. |
|
21 |
CVE-2021-30810 |
862 |
|
|
2021-10-19 |
2021-11-03 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. |
|
22 |
CVE-2021-30767 |
|
|
|
2021-12-23 |
2022-01-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. |
|
23 |
CVE-2021-30756 |
200 |
|
+Info |
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. |
|
24 |
CVE-2021-30699 |
|
|
|
2021-09-08 |
2021-09-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen. |
|
25 |
CVE-2021-30697 |
|
|
+Info |
2021-09-08 |
2021-09-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. |
|
26 |
CVE-2021-1863 |
287 |
|
|
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. |
|
27 |
CVE-2021-1862 |
287 |
|
|
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic. |
|
28 |
CVE-2021-1848 |
|
|
|
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher. |
|
29 |
CVE-2021-1836 |
269 |
|
|
2021-09-08 |
2022-10-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. |
|
30 |
CVE-2021-1835 |
862 |
|
|
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen. |
|
31 |
CVE-2021-1822 |
|
|
|
2021-09-08 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. |
|
32 |
CVE-2021-1815 |
22 |
|
Dir. Trav. |
2021-09-08 |
2022-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. |
|
33 |
CVE-2021-1797 |
|
|
|
2021-04-02 |
2021-05-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. |
|
34 |
CVE-2021-1769 |
|
|
Bypass |
2021-04-02 |
2021-04-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
|
35 |
CVE-2021-1756 |
|
|
|
2021-04-02 |
2021-04-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. |
|
36 |
CVE-2021-1740 |
22 |
|
Dir. Trav. |
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. |
|
37 |
CVE-2021-1739 |
22 |
|
Dir. Trav. |
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. |
|
38 |
CVE-2020-29623 |
|
|
|
2021-04-02 |
2021-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. |
|
39 |
CVE-2020-27902 |
287 |
|
|
2020-12-08 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. |
|
40 |
CVE-2020-15358 |
787 |
|
Overflow |
2020-06-27 |
2022-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
|
41 |
CVE-2020-13631 |
|
|
|
2020-05-27 |
2022-05-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
|
42 |
CVE-2020-13434 |
190 |
|
Overflow |
2020-05-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
|
43 |
CVE-2020-10002 |
|
|
|
2020-12-08 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. |
|
44 |
CVE-2020-9989 |
|
|
|
2020-12-08 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages. |
|
45 |
CVE-2020-9988 |
|
|
|
2020-12-08 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages. |
|
46 |
CVE-2020-9979 |
|
|
|
2020-10-27 |
2022-05-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content. |
|
47 |
CVE-2020-9978 |
|
|
|
2021-04-02 |
2021-04-07 |
2.7 |
None |
Local Network |
Low |
??? |
None |
Partial |
None |
|
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. |
|
48 |
CVE-2020-9959 |
667 |
|
|
2020-10-16 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. |
|
49 |
CVE-2020-9934 |
|
|
|
2020-10-16 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. |
|
50 |
CVE-2020-9848 |
|
|
|
2020-06-09 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. |
