Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Iphone Os
Total 2946 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22589 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2022-05-17 4.3 MEDIUM 6.1 MEDIUM
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
CVE-2020-6147 2 Apple, Pixar 3 Ipados, Iphone Os, Openusd 2022-05-13 6.8 MEDIUM 7.8 HIGH
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.
CVE-2020-13630 9 Apple, Brocade, Canonical and 6 more 20 Icloud, Ipados, Iphone Os and 17 more 2022-05-13 4.4 MEDIUM 7.0 HIGH
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-13631 8 Apple, Brocade, Canonical and 5 more 19 Icloud, Ipados, Iphone Os and 16 more 2022-05-13 2.1 LOW 5.5 MEDIUM
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2022-05-13 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2022-22666 1 Apple 4 Ipados, Iphone Os, Tvos and 1 more 2022-05-12 6.8 MEDIUM 7.8 HIGH
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.
CVE-2020-15358 5 Apple, Canonical, Oracle and 2 more 16 Icloud, Ipados, Iphone Os and 13 more 2022-05-12 2.1 LOW 5.5 MEDIUM
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
CVE-2020-13434 7 Apple, Canonical, Debian and 4 more 15 Icloud, Ipad Os, Iphone Os and 12 more 2022-05-12 2.1 LOW 5.5 MEDIUM
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2021-23841 6 Apple, Debian, Netapp and 3 more 22 Ipad Os, Iphone Os, Macos and 19 more 2022-05-12 4.3 MEDIUM 5.9 MEDIUM
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-30724 1 Apple 5 Ipad Os, Iphone Os, Mac Os X and 2 more 2022-05-03 4.6 MEDIUM 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.
CVE-2021-30906 1 Apple 5 Ipad Os, Iphone Os, Macos and 2 more 2022-05-03 4.6 MEDIUM 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. A local attacker may be able to elevate their privileges.
CVE-2021-30665 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2022-05-03 6.8 MEDIUM 8.8 HIGH
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-34423 5 Apple, Google, Linux and 2 more 31 Iphone Os, Macos, Android and 28 more 2022-04-29 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.
CVE-2021-34424 5 Apple, Google, Linux and 2 more 30 Iphone Os, Macos, Android and 27 more 2022-04-29 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.
CVE-2020-6558 4 Apple, Debian, Google and 1 more 5 Iphone Os, Debian Linux, Chrome and 2 more 2022-04-28 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-9815 1 Apple 5 Ipados, Iphone Os, Mac Os X and 2 more 2022-04-27 9.3 HIGH 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.
CVE-2020-9775 1 Apple 3 Ipados, Iphone Os, Mac Os X 2022-04-27 5.0 MEDIUM 5.3 MEDIUM
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.
CVE-2021-1788 3 Apple, Debian, Fedoraproject 9 Ipados, Iphone Os, Mac Os X and 6 more 2022-04-26 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-6616 3 Apple, Google, Samsung 7 Ipad Os, Iphone Os, Mac Os X and 4 more 2022-04-26 3.3 LOW 6.5 MEDIUM
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
CVE-2021-1871 3 Apple, Debian, Fedoraproject 6 Ipad Os, Iphone Os, Mac Os X and 3 more 2022-04-26 7.5 HIGH 9.8 CRITICAL
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..