CVEdetails.com the ultimate security vulnerability data source

Apple » Watchos : Security Vulnerabilities (CVSS score between 4 and 4.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-8803 613 2019-12-18 2019-12-26
4.6
None Local Low Not required Partial Partial Partial
An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials.
102 CVE-2019-8796 2020-10-27 2020-10-29
4.3
None Remote Medium Not required Partial None None
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.
103 CVE-2019-8794 20 2019-12-18 2019-12-26
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.
104 CVE-2019-8764 79 XSS 2019-12-18 2020-03-15
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
105 CVE-2019-8753 79 XSS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.
106 CVE-2019-8744 Mem. Corr. 2020-10-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.
107 CVE-2019-8668 20 DoS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.
108 CVE-2019-8664 20 DoS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None None Partial
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
109 CVE-2019-8658 79 XSS 2019-12-18 2020-08-24
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
110 CVE-2019-8626 20 DoS 2019-12-18 2019-12-20
4.3
None Remote Medium Not required None None Partial
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
111 CVE-2019-8612 2020-10-27 2020-10-30
4.0
None Remote Low ??? None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state.
112 CVE-2019-8607 125 2019-12-18 2019-12-23
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.
113 CVE-2019-8598 119 Overflow 2019-12-18 2020-08-24
4.3
None Remote Medium Not required Partial None None
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory.
114 CVE-2019-8597 843 Exec Code Mem. Corr. 2019-12-18 2021-07-21
4.3
None Remote Medium Not required Partial None None
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
115 CVE-2019-8560 125 2019-12-18 2019-12-20
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.
116 CVE-2019-8550 459 2019-12-18 2020-08-24
4.3
None Remote Medium Not required Partial None None
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
117 CVE-2019-8538 DoS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service.
118 CVE-2019-8532 2020-10-27 2020-10-30
4.3
None Remote Medium Not required Partial None None
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files.
119 CVE-2019-8517 125 2019-12-18 2019-12-31
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.
120 CVE-2019-8502 20 2019-12-18 2019-12-31
4.3
None Remote Medium Not required None Partial None
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
121 CVE-2019-7292 20 2019-12-18 2019-12-31
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.
122 CVE-2019-6231 125 2019-03-05 2019-03-07
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.
123 CVE-2019-6209 125 2019-03-05 2019-03-06
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
124 CVE-2018-4460 20 DoS 2019-04-03 2019-04-09
4.0
None Remote Low ??? None None Partial
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
125 CVE-2018-4433 2020-10-27 2020-11-02
4.3
None Remote Medium Not required None Partial None
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.
126 CVE-2018-4431 200 +Info 2019-04-03 2019-04-05
4.9
None Local Low Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
127 CVE-2018-4429 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.
128 CVE-2018-4400 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None None Partial
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
129 CVE-2018-4399 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
130 CVE-2018-4391 2020-10-27 2020-10-30
4.3
None Remote Medium Not required None Partial None
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
131 CVE-2018-4390 2020-10-27 2020-10-30
4.3
None Remote Medium Not required None Partial None
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
132 CVE-2018-4377 79 XSS 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
133 CVE-2018-4374 79 XSS 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
134 CVE-2018-4368 20 DoS 2019-04-03 2019-04-05
4.0
None Remote Low ??? None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
135 CVE-2018-4304 20 DoS 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
136 CVE-2018-4290 DoS 2019-04-03 2019-10-03
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.
137 CVE-2018-4282 125 2019-04-03 2019-04-04
4.9
None Local Low Not required Complete None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.
138 CVE-2018-4273 119 Overflow Mem. Corr. 2019-04-03 2019-10-03
4.3
None Remote Medium Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
139 CVE-2018-4271 119 Overflow Mem. Corr. 2019-04-03 2019-10-03
4.3
None Remote Medium Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
140 CVE-2018-4270 119 Overflow Mem. Corr. 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
141 CVE-2018-4266 362 2019-04-03 2019-04-04
4.3
None Remote Medium Not required None None Partial
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
142 CVE-2018-4240 20 DoS 2018-06-08 2019-03-07
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
143 CVE-2018-4198 20 DoS 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.
144 CVE-2018-4146 119 DoS Overflow Mem. Corr. 2018-04-03 2019-03-08
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.
145 CVE-2018-4117 200 Bypass +Info 2018-04-03 2018-11-09
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
146 CVE-2018-4113 617 2018-04-03 2019-10-03
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.
147 CVE-2018-4104 200 Bypass +Info 2018-04-03 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
148 CVE-2018-4093 200 Bypass +Info 2018-04-03 2018-04-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
149 CVE-2018-4090 200 Bypass +Info 2018-04-03 2018-04-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
150 CVE-2018-4086 295 2018-04-03 2018-05-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
Total number of vulnerabilities: 199. Page 3 of 4.