Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ipados
(Apple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1131 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-27 | CVE-2019-8901 | This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action. | Ipados, Iphone_os | 6.5 | ||
| 2020-10-27 | CVE-2019-8834 | A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. | Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos | 4.3 | ||
| 2020-10-27 | CVE-2019-8830 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution. | Ipados, Iphone_os, Mac_os_x, Tvos, Watchos | 8.8 | ||
| 2020-10-27 | CVE-2019-8827 | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. | Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos | 4.3 | ||
| 2020-10-27 | CVE-2019-8809 | A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier. | Ipados, Iphone_os, Mac_os_x, Tvos, Watchos | 3.3 | ||
| 2020-10-27 | CVE-2019-8796 | A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. | Ipados, Iphone_os, Mac_os_x, Watchos | 5.3 | ||
| 2020-10-27 | CVE-2019-8850 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory. | Ipados, Iphone_os, Mac_os_x, Tvos | 5.5 | ||
| 2020-10-22 | CVE-2020-9994 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. | Ipados, Iphone_os, Mac_os_x, Tvos, Watchos | 7.1 | ||
| 2020-10-22 | CVE-2020-9985 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | Ipados, Iphone_os, Mac_os_x, Watchos | 7.8 | ||
| 2020-02-05 | CVE-2019-15126 | An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | Ipados, Iphone_os, Mac_os_x, Bcm43012_firmware, Bcm43013_firmware, Bcm4356_firmware, Bcm43752_firmware, Bcm4375_firmware, Bcm4389_firmware | N/A |