CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Watchos : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1865 476 DoS 2016-07-22 2019-03-20
4.9
None Local Low Not required None None Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
2 CVE-2016-4628 200 DoS +Info 2016-07-22 2017-09-01
4.9
None Local Low Not required Complete None None
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
3 CVE-2016-7615 DoS 2017-02-20 2018-10-30
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
4 CVE-2018-4282 125 2019-04-03 2019-04-04
4.9
None Local Low Not required Complete None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.
5 CVE-2018-4431 200 +Info 2019-04-03 2019-04-05
4.9
None Local Low Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
6 CVE-2021-1786 2021-04-02 2021-04-09
4.9
None Local Low Not required None Complete None
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.
7 CVE-2021-1807 668 2021-09-08 2021-09-15
4.9
None Local Low Not required None Complete None
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files.
8 CVE-2021-30770 287 Exec Code Bypass 2021-09-08 2021-09-15
4.9
None Local Low Not required None Complete None
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
9 CVE-2019-9506 327 2019-08-14 2021-11-04
4.8
None Local Network Low Not required Partial Partial None
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
10 CVE-2013-3951 20 Bypass 2013-06-05 2016-12-08
4.6
None Local Low Not required Partial Partial Partial
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
11 CVE-2016-1832 119 DoS Overflow +Priv Mem. Corr. 2016-05-20 2019-03-21
4.6
None Local Low Not required Partial Partial Partial
libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
12 CVE-2016-7651 285 Bypass 2017-02-20 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
13 CVE-2019-8803 613 2019-12-18 2019-12-26
4.6
None Local Low Not required Partial Partial Partial
An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..
14 CVE-2020-9900 59 2020-10-22 2020-10-27
4.6
None Local Low Not required Partial Partial Partial
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.
15 CVE-2020-9946 667 2020-10-16 2020-11-15
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period.
16 CVE-2020-10003 59 2020-12-08 2020-12-15
4.6
None Local Low Not required Partial Partial Partial
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
17 CVE-2020-10010 22 Dir. Trav. 2020-12-08 2020-12-15
4.6
None Local Low Not required Partial Partial Partial
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
18 CVE-2020-27899 416 2021-04-02 2021-04-07
4.6
None Local Low Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.
19 CVE-2021-1757 125 2021-04-02 2021-04-08
4.6
None Local Low Not required Partial Partial Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.
20 CVE-2021-1787 269 2021-04-02 2021-04-09
4.6
None Local Low Not required Partial Partial Partial
Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.
21 CVE-2021-1868 269 2021-09-08 2021-09-20
4.6
None Local Low Not required Partial Partial Partial
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.
22 CVE-2021-30677 2021-09-08 2021-11-03
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.
23 CVE-2021-30724 269 2021-09-08 2021-09-22
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.
24 CVE-2021-30781 Exec Code 2021-09-08 2021-09-17
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution.
25 CVE-2021-30906 269 2021-08-24 2021-11-02
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. A local attacker may be able to elevate their privileges.
26 CVE-2021-30945 269 2021-08-24 2022-01-03
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges.
27 CVE-2015-5523 119 DoS Overflow 2015-08-11 2016-12-08
4.3
None Remote Medium Not required None None Partial
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
28 CVE-2015-5824 310 +Info 2015-09-18 2016-12-22
4.3
None Local Network Medium Not required Partial Partial None
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
29 CVE-2015-5834 200 +Info 2015-09-18 2016-12-22
4.3
None Remote Medium Not required Partial None None
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
30 CVE-2015-5837 20 Bypass 2015-09-18 2016-12-22
4.3
None Remote Medium Not required None Partial None
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
31 CVE-2015-5855 200 +Info 2015-09-18 2016-12-22
4.3
None Remote Medium Not required Partial None None
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.
32 CVE-2015-5862 119 DoS Overflow Mem. Corr. 2015-09-18 2016-12-22
4.3
None Remote Medium Not required None None Partial
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.
33 CVE-2015-5916 200 +Info 2015-09-18 2016-12-22
4.3
None Remote Medium Not required Partial None None
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.
34 CVE-2015-6997 254 2015-10-23 2016-12-24
4.3
None Remote Medium Not required None Partial None
The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
35 CVE-2015-7040 DoS 2015-12-11 2019-03-08
4.3
None Remote Medium Not required None None Partial
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.
36 CVE-2015-7041 DoS 2015-12-11 2019-03-08
4.3
None Remote Medium Not required None None Partial
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.
37 CVE-2015-7042 DoS 2015-12-11 2019-03-08
4.3
None Remote Medium Not required None None Partial
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.
38 CVE-2015-7043 DoS 2015-12-11 2019-03-08
4.3
None Remote Medium Not required None None Partial
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.
39 CVE-2016-1748 200 +Info 2016-03-24 2019-03-25
4.3
None Remote Medium Not required Partial None None
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
40 CVE-2016-1802 200 +Info 2016-05-20 2019-03-25
4.3
None Remote Medium Not required Partial None None
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
41 CVE-2016-1811 476 DoS 2016-05-20 2019-03-25
4.3
None Remote Medium Not required None None Partial
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
42 CVE-2016-1833 125 DoS 2016-05-20 2019-03-25
4.3
None Remote Medium Not required None None Partial
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
43 CVE-2016-1836 416 DoS 2016-05-20 2019-03-25
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
44 CVE-2016-1837 416 DoS 2016-05-20 2019-03-25
4.3
None Remote Medium Not required None None Partial
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
45 CVE-2016-1838 125 DoS 2016-05-20 2019-03-25
4.3
None Remote Medium Not required None None Partial
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
46 CVE-2016-1839 125 DoS 2016-05-20 2019-03-25
4.3
None Remote Medium Not required None None Partial
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
47 CVE-2016-4664 200 +Info 2017-02-20 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
48 CVE-2016-4665 200 +Info 2017-02-20 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
49 CVE-2016-4679 59 2017-02-20 2019-03-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
50 CVE-2016-4680 200 +Info 2017-02-20 2019-03-25
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
Total number of vulnerabilities : 199   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.