| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-22609 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
|
2 |
CVE-2022-22585 |
59 |
|
|
2022-03-18 |
2022-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
|
3 |
CVE-2021-36690 |
|
|
Exec Code |
2021-08-24 |
2023-03-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. |
|
4 |
CVE-2021-31010 |
502 |
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. |
|
5 |
CVE-2021-30995 |
362 |
|
|
2021-08-24 |
2022-02-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. |
|
6 |
CVE-2021-30984 |
362 |
|
Exec Code |
2021-08-24 |
2022-02-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
7 |
CVE-2021-30966 |
668 |
|
|
2021-08-24 |
2021-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. |
|
8 |
CVE-2021-30882 |
|
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call. |
|
9 |
CVE-2021-30854 |
|
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions. |
|
10 |
CVE-2021-30788 |
|
|
|
2021-09-08 |
2021-09-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. |
|
11 |
CVE-2021-30720 |
287 |
|
|
2021-09-08 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. |
|
12 |
CVE-2021-30715 |
|
|
DoS |
2021-09-08 |
2021-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. |
|
13 |
CVE-2021-30710 |
787 |
|
DoS Mem. Corr. |
2021-09-08 |
2021-09-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. |
|
14 |
CVE-2021-1849 |
347 |
|
Bypass |
2021-09-08 |
2021-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. |
|
15 |
CVE-2021-1809 |
125 |
|
Mem. Corr. |
2021-09-08 |
2021-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. |
|
16 |
CVE-2021-1808 |
125 |
|
Mem. Corr. |
2021-09-08 |
2021-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. |
|
17 |
CVE-2021-1764 |
416 |
|
DoS |
2021-04-02 |
2021-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
|
18 |
CVE-2021-1761 |
|
|
DoS |
2021-04-02 |
2021-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
|
19 |
CVE-2020-9994 |
|
|
|
2020-10-22 |
2020-10-26 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. |
|
20 |
CVE-2020-9991 |
|
|
DoS |
2020-12-08 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service. |
|
21 |
CVE-2020-9952 |
79 |
|
XSS |
2020-10-16 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
22 |
CVE-2020-9941 |
|
|
|
2020-10-27 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state. |
|
23 |
CVE-2020-9916 |
|
|
|
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. |
|
24 |
CVE-2020-9843 |
79 |
|
XSS |
2020-06-09 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
25 |
CVE-2020-9842 |
|
|
|
2020-06-09 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions. |
|
26 |
CVE-2020-9839 |
362 |
|
+Priv |
2020-06-09 |
2023-01-09 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. |
|
27 |
CVE-2020-9827 |
|
|
DoS |
2020-06-09 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. |
|
28 |
CVE-2020-9808 |
119 |
|
Overflow Mem. Corr. |
2020-06-09 |
2021-07-21 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory. |
|
29 |
CVE-2020-9805 |
79 |
|
XSS |
2020-06-09 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. |
|
30 |
CVE-2020-9794 |
125 |
|
DoS |
2020-06-09 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. |
|
31 |
CVE-2020-9787 |
|
|
|
2020-10-22 |
2020-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences. |
|
32 |
CVE-2020-3916 |
200 |
|
+Info |
2020-04-01 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. |
|
33 |
CVE-2020-3877 |
125 |
|
Exec Code |
2020-02-27 |
2020-03-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
|
34 |
CVE-2019-15165 |
770 |
|
|
2019-10-03 |
2022-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. |
|
35 |
CVE-2019-8854 |
|
|
|
2020-10-27 |
2020-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. |
|
36 |
CVE-2019-8787 |
125 |
|
|
2019-12-18 |
2019-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory. |
|
37 |
CVE-2019-8665 |
20 |
|
DoS |
2019-12-18 |
2019-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination. |
|
38 |
CVE-2019-8659 |
|
|
|
2019-12-18 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state. |
|
39 |
CVE-2019-8646 |
125 |
|
|
2019-12-18 |
2019-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory. |
|
40 |
CVE-2019-8633 |
20 |
|
|
2020-10-27 |
2020-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. |
|
41 |
CVE-2019-8624 |
125 |
|
|
2019-12-18 |
2019-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory. |
|
42 |
CVE-2019-8620 |
200 |
|
+Info |
2019-12-18 |
2019-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. |
|
43 |
CVE-2019-8618 |
|
|
|
2020-10-27 |
2020-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions. |
|
44 |
CVE-2019-8516 |
20 |
|
DoS |
2019-12-18 |
2019-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. |
|
45 |
CVE-2019-6219 |
20 |
|
DoS |
2019-03-05 |
2019-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. |
|
46 |
CVE-2018-20505 |
89 |
|
DoS Sql |
2019-04-03 |
2019-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). |
|
47 |
CVE-2018-4474 |
400 |
|
|
2020-10-27 |
2020-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. |
|
48 |
CVE-2018-4436 |
295 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. |
|
49 |
CVE-2018-4398 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
50 |
CVE-2018-4369 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
