| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-1764 |
416 |
|
DoS |
2021-04-02 |
2021-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
|
2 |
CVE-2021-1761 |
|
|
DoS |
2021-04-02 |
2021-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
|
3 |
CVE-2020-9994 |
|
|
|
2020-10-22 |
2020-10-26 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. |
|
4 |
CVE-2020-9991 |
|
|
DoS |
2020-12-08 |
2021-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service. |
|
5 |
CVE-2020-9952 |
79 |
|
XSS |
2020-10-16 |
2020-12-23 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
6 |
CVE-2020-9916 |
|
|
|
2020-10-16 |
2020-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. |
|
7 |
CVE-2020-9914 |
20 |
|
DoS |
2020-10-16 |
2020-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. |
|
8 |
CVE-2020-9905 |
120 |
|
DoS Overflow |
2020-10-22 |
2020-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service. |
|
9 |
CVE-2020-9843 |
79 |
|
XSS |
2020-06-09 |
2020-10-16 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
10 |
CVE-2020-9839 |
362 |
|
+Priv |
2020-06-09 |
2020-10-16 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. |
|
11 |
CVE-2020-9837 |
125 |
|
|
2020-06-09 |
2020-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. |
|
12 |
CVE-2020-9827 |
|
|
DoS |
2020-06-09 |
2020-06-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. |
|
13 |
CVE-2020-9808 |
119 |
|
Overflow Mem. Corr. |
2020-06-09 |
2020-06-11 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory. |
|
14 |
CVE-2020-9805 |
79 |
|
XSS |
2020-06-09 |
2020-10-16 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. |
|
15 |
CVE-2020-9794 |
125 |
|
DoS |
2020-06-09 |
2021-03-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. |
|
16 |
CVE-2020-9787 |
|
|
|
2020-10-22 |
2020-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences. |
|
17 |
CVE-2019-8854 |
|
|
|
2020-10-27 |
2020-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. |
|
18 |
CVE-2019-8787 |
125 |
|
|
2019-12-18 |
2019-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory. |
|
19 |
CVE-2019-8646 |
125 |
|
|
2019-12-18 |
2019-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory. |
|
20 |
CVE-2019-8633 |
20 |
|
|
2020-10-27 |
2020-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. |
|
21 |
CVE-2019-8631 |
|
|
|
2020-10-27 |
2020-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. |
|
22 |
CVE-2019-8620 |
200 |
|
+Info |
2019-12-18 |
2019-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. |
|
23 |
CVE-2019-8530 |
|
|
|
2019-12-18 |
2020-08-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files. |
|
24 |
CVE-2019-8516 |
20 |
|
DoS |
2019-12-18 |
2019-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. |
|
25 |
CVE-2018-4474 |
400 |
|
|
2020-10-27 |
2020-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. |
|
26 |
CVE-2018-4436 |
295 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. |
|
27 |
CVE-2018-4398 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. |
|
28 |
CVE-2018-4369 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. |
|
29 |
CVE-2018-4321 |
20 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. |
|
30 |
CVE-2018-4293 |
20 |
|
|
2019-04-03 |
2019-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. |
|
31 |
CVE-2018-4277 |
20 |
|
|
2019-01-11 |
2019-10-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. |
|
32 |
CVE-2018-4248 |
125 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. |
|
33 |
CVE-2018-4203 |
125 |
|
|
2019-04-03 |
2019-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
|
34 |
CVE-2018-4192 |
362 |
|
Exec Code |
2018-06-08 |
2019-03-07 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. |
|
35 |
CVE-2018-4185 |
200 |
|
+Info |
2019-01-11 |
2019-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. |
|
36 |
CVE-2018-4142 |
20 |
|
DoS |
2018-04-03 |
2019-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string. |
|
37 |
CVE-2017-13903 |
|
|
|
2017-12-25 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. |
|
38 |
CVE-2017-11122 |
200 |
|
+Info |
2017-10-04 |
2019-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. |
|
39 |
CVE-2017-7154 |
20 |
|
DoS Bypass |
2017-12-27 |
2019-03-22 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). |
|
40 |
CVE-2017-7153 |
601 |
|
|
2018-04-03 |
2019-03-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. |
|
41 |
CVE-2017-7151 |
362 |
|
|
2019-04-03 |
2019-04-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. |
|
42 |
CVE-2017-7116 |
200 |
|
+Info |
2017-10-23 |
2019-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic. |
|
43 |
CVE-2017-7090 |
200 |
|
Bypass +Info |
2017-10-23 |
2019-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. |
|
44 |
CVE-2017-7080 |
295 |
|
Bypass |
2017-10-23 |
2019-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate. |
|
45 |
CVE-2017-7065 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-04-03 |
2019-03-08 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. |
|
46 |
CVE-2017-2461 |
20 |
|
DoS |
2017-04-02 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. |
|
47 |
CVE-2017-2450 |
125 |
|
DoS +Info |
2017-04-02 |
2019-03-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. |
|
48 |
CVE-2017-2447 |
119 |
|
DoS Overflow Mem. Corr. +Info |
2017-04-02 |
2019-03-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. |
|
49 |
CVE-2017-2439 |
125 |
|
DoS +Info |
2017-04-02 |
2019-03-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. |
|
50 |
CVE-2016-4776 |
125 |
|
DoS +Info |
2016-09-25 |
2019-03-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. |
