# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-26711 |
190 |
|
Exec Code Overflow |
2022-05-26 |
2022-06-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
2 |
CVE-2020-9895 |
416 |
|
Exec Code |
2020-10-16 |
2023-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
3 |
CVE-2020-9850 |
|
|
Exec Code |
2020-06-09 |
2023-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. |
4 |
CVE-2020-3911 |
120 |
|
Overflow |
2020-04-01 |
2020-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. |
5 |
CVE-2020-3910 |
120 |
|
Overflow |
2020-04-01 |
2020-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. |
6 |
CVE-2020-3909 |
120 |
|
Overflow |
2020-04-01 |
2022-06-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. |
7 |
CVE-2020-3864 |
346 |
|
|
2020-10-27 |
2021-05-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. |
8 |
CVE-2019-8756 |
20 |
|
Mem. Corr. |
2020-10-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. |
9 |
CVE-2019-8749 |
20 |
|
Mem. Corr. |
2020-10-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. |
10 |
CVE-2019-8746 |
125 |
|
Exec Code |
2020-10-27 |
2020-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
11 |
CVE-2019-8741 |
835 |
|
DoS |
2020-02-28 |
2020-04-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A denial of service issue was addressed with improved input validation. |
12 |
CVE-2019-8600 |
89 |
|
Exec Code Sql Mem. Corr. |
2019-12-18 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution. |
13 |
CVE-2019-6235 |
787 |
|
Mem. Corr. |
2019-03-04 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. |
14 |
CVE-2016-1742 |
264 |
|
+Priv |
2016-05-20 |
2016-12-01 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
15 |
CVE-2015-7017 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. |
16 |
CVE-2015-6992 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017. |
17 |
CVE-2015-6975 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017. |
18 |
CVE-2015-5874 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-09-18 |
2016-12-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
19 |
CVE-2015-1157 |
17 |
|
DoS |
2015-05-28 |
2016-11-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. |
20 |
CVE-2014-8146 |
119 |
|
DoS Exec Code Overflow |
2015-05-25 |
2019-04-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. |
21 |
CVE-2014-4466 |
399 |
|
DoS Exec Code Mem. Corr. |
2014-12-10 |
2019-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. |
22 |
CVE-2014-3192 |
416 |
|
DoS |
2014-10-08 |
2019-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
23 |
CVE-2012-0648 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
24 |
CVE-2012-0639 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
25 |
CVE-2012-0638 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
26 |
CVE-2012-0637 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
27 |
CVE-2012-0636 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
28 |
CVE-2012-0634 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-05 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
29 |
CVE-2011-3966 |
416 |
|
DoS |
2012-02-09 |
2020-05-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. |
30 |
CVE-2011-3926 |
787 |
|
DoS Overflow |
2012-01-24 |
2020-05-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
31 |
CVE-2011-3924 |
416 |
|
DoS |
2012-01-24 |
2020-05-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. |
32 |
CVE-2011-3913 |
416 |
|
DoS |
2011-12-13 |
2020-05-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling. |
33 |
CVE-2011-3885 |
416 |
|
DoS |
2011-10-25 |
2020-05-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. |
34 |
CVE-2011-3244 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
35 |
CVE-2011-3241 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
36 |
CVE-2011-3239 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
37 |
CVE-2011-3238 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
38 |
CVE-2011-3237 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
39 |
CVE-2011-3236 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
40 |
CVE-2011-3235 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
41 |
CVE-2011-3233 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
42 |
CVE-2011-3064 |
416 |
|
DoS |
2012-03-30 |
2020-04-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. |
43 |
CVE-2011-3021 |
416 |
|
DoS |
2012-02-16 |
2020-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. |
44 |
CVE-2011-2866 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-03-08 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
45 |
CVE-2011-2860 |
416 |
|
DoS |
2011-09-19 |
2020-05-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. |
46 |
CVE-2011-2831 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
47 |
CVE-2011-2827 |
416 |
|
DoS |
2011-08-29 |
2020-05-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. |
48 |
CVE-2011-2823 |
416 |
|
DoS |
2011-08-29 |
2020-05-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. |
49 |
CVE-2011-2820 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
50 |
CVE-2011-2817 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |