CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30882 2021-08-24 2021-11-01
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call.
2 CVE-2021-30880 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
3 CVE-2021-30879 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
4 CVE-2021-30877 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
5 CVE-2021-30876 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
6 CVE-2021-30874 862 2021-08-24 2021-11-23
5.0
None Remote Low Not required None Partial None
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.
7 CVE-2021-30864 2021-08-24 2021-11-01
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A sandboxed process may be able to circumvent sandbox restrictions.
8 CVE-2021-30854 2021-08-24 2021-11-01
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions.
9 CVE-2021-30844 2021-10-19 2021-10-22
5.0
None Remote Low Not required Partial None None
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.
10 CVE-2021-30826 2021-10-19 2021-11-05
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.
11 CVE-2021-30800 DoS Exec Code 2021-09-08 2021-09-21
5.8
None Local Network Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.
12 CVE-2021-30788 2021-09-08 2021-09-15
5.8
None Remote Medium Not required Partial None Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
13 CVE-2021-30786 362 Exec Code 2021-09-08 2021-09-21
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
14 CVE-2021-30741 416 2021-09-08 2021-09-14
5.8
None Remote Medium Not required None Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
15 CVE-2021-30729 2021-09-08 2021-09-14
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.
16 CVE-2021-30720 287 2021-09-08 2021-09-22
5.8
None Remote Medium Not required Partial Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.
17 CVE-2021-30715 DoS 2021-09-08 2021-09-16
5.0
None Remote Low Not required None None Partial
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.
18 CVE-2021-30710 787 DoS Mem. Corr. 2021-09-08 2021-09-16
5.8
None Remote Medium Not required Partial None Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.
19 CVE-2021-30698 476 DoS 2021-09-08 2021-09-17
5.0
None Remote Low Not required None None Partial
A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.
20 CVE-2021-22925 908 2021-08-05 2021-10-20
5.0
None Remote Low Not required Partial None None
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
21 CVE-2021-1849 347 Bypass 2021-09-08 2021-09-20
5.0
None Remote Low Not required Partial None None
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences.
22 CVE-2021-1809 125 Mem. Corr. 2021-09-08 2021-09-16
5.0
None Remote Low Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.
23 CVE-2021-1808 125 Mem. Corr. 2021-09-08 2021-09-16
5.0
None Remote Low Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.
24 CVE-2021-1784 732 2021-09-08 2021-09-16
5.0
None Remote Low Not required None Partial None
A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.
25 CVE-2021-1764 416 DoS 2021-04-02 2021-04-09
5.0
None Remote Low Not required None None Partial
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.
26 CVE-2021-1761 DoS 2021-04-02 2021-04-13
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.
27 CVE-2020-36230 617 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
28 CVE-2020-36229 843 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
29 CVE-2020-36228 191 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
30 CVE-2020-36227 835 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
31 CVE-2020-36226 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
32 CVE-2020-36225 415 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
33 CVE-2020-36224 763 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
34 CVE-2020-36223 125 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
35 CVE-2020-36222 617 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
36 CVE-2020-36221 191 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
37 CVE-2020-25709 617 2021-05-18 2021-09-14
5.0
None Remote Low Not required None None Partial
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
38 CVE-2020-14155 190 Overflow 2020-06-15 2021-09-22
5.0
None Remote Low Not required None None Partial
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
39 CVE-2020-10663 20 2020-04-28 2021-09-22
5.0
None Remote Low Not required None Partial None
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
40 CVE-2020-9995 79 XSS 2021-04-02 2021-04-07
5.8
None Remote Medium Not required Partial Partial None
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting.
41 CVE-2020-9994 2020-10-22 2020-10-26
5.8
None Remote Medium Not required None Partial Partial
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.
42 CVE-2020-9991 DoS 2020-12-08 2021-03-09
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
43 CVE-2020-9952 79 XSS 2020-10-16 2020-12-23
5.8
None Remote Medium Not required None Partial Partial
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
44 CVE-2020-9941 2020-10-27 2020-12-15
5.0
None Remote Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
45 CVE-2020-9931 20 DoS 2020-10-16 2020-10-20
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.
46 CVE-2020-9924 DoS 2020-10-22 2020-10-27
5.0
None Remote Low Not required None None Partial
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.
47 CVE-2020-9917 DoS 2020-10-16 2020-10-20
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.
48 CVE-2020-9916 2020-10-16 2020-10-20
5.0
None Remote Low Not required None Partial None
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.
49 CVE-2020-9914 20 DoS 2020-10-16 2020-10-20
5.0
None Remote Low Not required None None Partial
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.
50 CVE-2020-9911 Bypass 2020-10-16 2020-10-20
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.
Total number of vulnerabilities : 662   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.