CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-22673 DoS 2022-05-26 2022-06-03
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.
2 CVE-2022-22653 20 2022-03-18 2022-03-24
5.0
None Remote Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.
3 CVE-2022-22643 2022-03-18 2022-03-24
5.0
None Remote Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.
4 CVE-2022-22609 2022-03-18 2022-03-24
5.0
None Remote Low Not required Partial None None
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.
5 CVE-2022-22585 59 2022-03-18 2022-03-28
5.0
None Remote Low Not required Partial None None
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.
6 CVE-2021-31010 502 2021-08-24 2023-01-09
5.0
None Remote Low Not required None Partial None
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..
7 CVE-2021-31005 2021-08-24 2023-01-09
5.0
None Remote Low Not required None Partial None
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types.
8 CVE-2021-30998 295 2021-08-24 2023-01-09
5.0
None Remote Low Not required Partial None None
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address.
9 CVE-2021-30997 312 2021-08-24 2023-01-09
5.0
None Remote Low Not required Partial None None
A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail.
10 CVE-2021-30995 362 2021-08-24 2022-02-21
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges.
11 CVE-2021-30984 362 Exec Code 2021-08-24 2022-02-19
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
12 CVE-2021-30966 668 2021-08-24 2021-12-29
5.0
None Remote Low Not required Partial None None
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.
13 CVE-2021-30882 2021-08-24 2023-01-09
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call.
14 CVE-2021-30874 862 2021-08-24 2023-01-09
5.0
None Remote Low Not required None Partial None
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.
15 CVE-2021-30854 2021-08-24 2023-01-09
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions.
16 CVE-2021-30826 2021-10-19 2022-03-25
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.
17 CVE-2021-30800 DoS Exec Code 2021-09-08 2021-09-21
5.8
None Local Network Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.
18 CVE-2021-30788 2021-09-08 2021-09-15
5.8
None Remote Medium Not required Partial None Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
19 CVE-2021-30786 362 Exec Code 2021-09-08 2021-09-21
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
20 CVE-2021-30741 416 2021-09-08 2023-01-09
5.8
None Remote Medium Not required None Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
21 CVE-2021-30729 2021-09-08 2023-01-09
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.
22 CVE-2021-30720 287 2021-09-08 2023-01-09
5.8
None Remote Medium Not required Partial Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.
23 CVE-2021-30715 DoS 2021-09-08 2021-09-16
5.0
None Remote Low Not required None None Partial
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.
24 CVE-2021-30710 787 DoS Mem. Corr. 2021-09-08 2021-09-16
5.8
None Remote Medium Not required Partial None Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.
25 CVE-2021-30698 476 DoS 2021-09-08 2021-09-17
5.0
None Remote Low Not required None None Partial
A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.
26 CVE-2021-1849 347 Bypass 2021-09-08 2021-09-20
5.0
None Remote Low Not required Partial None None
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences.
27 CVE-2021-1809 125 Mem. Corr. 2021-09-08 2021-09-16
5.0
None Remote Low Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.
28 CVE-2021-1808 125 Mem. Corr. 2021-09-08 2021-09-16
5.0
None Remote Low Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.
29 CVE-2021-1764 416 DoS 2021-04-02 2021-04-09
5.0
None Remote Low Not required None None Partial
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.
30 CVE-2021-1761 DoS 2021-04-02 2021-04-13
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.
31 CVE-2020-9994 2020-10-22 2020-10-26
5.8
None Remote Medium Not required None Partial Partial
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.
32 CVE-2020-9991 DoS 2020-12-08 2023-01-09
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
33 CVE-2020-9952 79 XSS 2020-10-16 2023-01-09
5.8
None Remote Medium Not required None Partial Partial
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
34 CVE-2020-9941 2020-10-27 2023-01-09
5.0
None Remote Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
35 CVE-2020-9931 20 DoS 2020-10-16 2023-01-09
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.
36 CVE-2020-9917 DoS 2020-10-16 2023-01-09
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.
37 CVE-2020-9916 2020-10-16 2023-01-09
5.0
None Remote Low Not required None Partial None
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.
38 CVE-2020-9914 20 DoS 2020-10-16 2023-01-09
5.0
None Remote Low Not required None None Partial
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.
39 CVE-2020-9911 Bypass 2020-10-16 2023-01-09
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.
40 CVE-2020-9905 120 DoS Overflow 2020-10-22 2023-01-09
5.0
None Remote Low Not required None None Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
41 CVE-2020-9903 346 2020-10-16 2023-01-09
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.
42 CVE-2020-9843 79 XSS 2020-06-09 2023-01-09
5.8
None Remote Medium Not required None Partial Partial
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.
43 CVE-2020-9842 2020-06-09 2023-01-09
5.8
None Remote Medium Not required Partial Partial None
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.
44 CVE-2020-9839 362 +Priv 2020-06-09 2023-01-09
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
45 CVE-2020-9837 125 2020-06-09 2023-01-09
5.0
None Remote Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
46 CVE-2020-9835 2020-06-09 2023-01-09
5.0
None Remote Low Not required None Partial None
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
47 CVE-2020-9827 DoS 2020-06-09 2023-01-09
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
48 CVE-2020-9826 20 DoS 2020-06-09 2023-01-09
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.
49 CVE-2020-9823 2020-06-09 2023-01-09
5.0
None Remote Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.
50 CVE-2020-9820 2020-06-09 2020-06-11
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.
Total number of vulnerabilities : 258   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.