| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-26764 |
787 |
|
Exec Code Mem. Corr. Bypass |
2022-05-26 |
2022-06-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. |
|
2 |
CVE-2022-22621 |
200 |
|
+Info |
2022-03-18 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
|
3 |
CVE-2022-22599 |
732 |
|
+Info |
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. |
|
4 |
CVE-2021-30915 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field. |
|
5 |
CVE-2021-30871 |
|
|
|
2021-08-24 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data. |
|
6 |
CVE-2021-30811 |
|
|
|
2021-10-19 |
2022-02-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. |
|
7 |
CVE-2021-30810 |
862 |
|
|
2021-10-19 |
2021-11-03 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. |
|
8 |
CVE-2021-30767 |
|
|
|
2021-12-23 |
2022-01-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. |
|
9 |
CVE-2021-30697 |
|
|
+Info |
2021-09-08 |
2021-09-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. |
|
10 |
CVE-2021-1822 |
|
|
|
2021-09-08 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. |
|
11 |
CVE-2021-1815 |
22 |
|
Dir. Trav. |
2021-09-08 |
2022-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. |
|
12 |
CVE-2021-1797 |
|
|
|
2021-04-02 |
2021-05-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. |
|
13 |
CVE-2021-1769 |
|
|
Bypass |
2021-04-02 |
2021-04-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
|
14 |
CVE-2021-1740 |
22 |
|
Dir. Trav. |
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. |
|
15 |
CVE-2021-1739 |
22 |
|
Dir. Trav. |
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. |
|
16 |
CVE-2020-15358 |
787 |
|
Overflow |
2020-06-27 |
2022-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
|
17 |
CVE-2020-13631 |
|
|
|
2020-05-27 |
2022-05-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
|
18 |
CVE-2020-13434 |
190 |
|
Overflow |
2020-05-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
|
19 |
CVE-2020-10002 |
|
|
|
2020-12-08 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. |
|
20 |
CVE-2020-9989 |
|
|
|
2020-12-08 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages. |
|
21 |
CVE-2020-9978 |
|
|
|
2021-04-02 |
2021-04-07 |
2.7 |
None |
Local Network |
Low |
??? |
None |
Partial |
None |
|
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. |
|
22 |
CVE-2020-9772 |
|
|
|
2020-10-22 |
2020-10-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions. |
|
23 |
CVE-2020-3918 |
|
|
|
2020-10-22 |
2020-10-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information. |
|
24 |
CVE-2020-3917 |
|
|
|
2020-04-01 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks. |
|
25 |
CVE-2020-3891 |
862 |
|
|
2020-04-01 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled. |
|
26 |
CVE-2020-3836 |
119 |
|
Overflow |
2020-02-27 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout. |
|
27 |
CVE-2019-8809 |
|
|
|
2020-10-27 |
2020-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier. |
|
28 |
CVE-2019-8799 |
922 |
|
|
2020-10-27 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. |
|
29 |
CVE-2019-8798 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-12-18 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges. |
|
30 |
CVE-2019-8775 |
200 |
|
+Info |
2019-12-18 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. |
|
31 |
CVE-2019-8682 |
306 |
|
|
2019-12-18 |
2019-12-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen. |
|
32 |
CVE-2019-8568 |
59 |
|
|
2019-12-18 |
2019-12-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system. |
|
33 |
CVE-2019-8548 |
200 |
|
+Info |
2019-12-18 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep. |
|
34 |
CVE-2019-8546 |
200 |
|
+Info |
2019-12-18 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information. |
|
35 |
CVE-2019-8541 |
|
|
|
2019-12-18 |
2019-12-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs. |
|
36 |
CVE-2019-8510 |
125 |
|
|
2019-12-18 |
2019-12-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. |
|
37 |
CVE-2019-7293 |
787 |
|
Mem. Corr. |
2019-12-18 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory. |
|
38 |
CVE-2019-6207 |
125 |
|
|
2019-12-18 |
2019-12-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. |
|
39 |
CVE-2018-4448 |
|
|
|
2020-10-27 |
2020-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory. |
|
40 |
CVE-2018-4395 |
20 |
|
|
2019-04-03 |
2019-04-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
41 |
CVE-2018-4313 |
20 |
|
|
2019-04-03 |
2019-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. |
|
42 |
CVE-2018-4235 |
74 |
|
|
2018-06-08 |
2018-07-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection. |
|
43 |
CVE-2018-4226 |
200 |
|
Bypass +Info |
2018-06-08 |
2019-03-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information. |
|
44 |
CVE-2018-4225 |
20 |
|
Bypass |
2018-06-08 |
2019-03-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications. |
|
45 |
CVE-2018-4224 |
200 |
|
Bypass +Info |
2018-06-08 |
2018-07-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier. |
|
46 |
CVE-2018-4223 |
200 |
|
Bypass +Info |
2018-06-08 |
2018-07-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier. |
|
47 |
CVE-2018-4092 |
362 |
|
Bypass |
2018-04-03 |
2018-05-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app. |
|
48 |
CVE-2017-2390 |
59 |
|
|
2017-04-02 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors. |
|
49 |
CVE-2017-2352 |
|
|
Bypass |
2017-02-20 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors. |
|
50 |
CVE-2016-7714 |
200 |
|
+Info |
2017-02-20 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. |
