Product:

Iphone_os

(Apple)
Date Id Summary Products Score Patch Annotated
2020-11-03 CVE-2020-15969 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Ipados, Iphone_os, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora, Chrome, Backports_sle 8.8
2020-12-08 CVE-2020-10016 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges. Ipados, Iphone_os, Macos, Tvos, Watchos 7.8
2020-12-08 CVE-2020-9999 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution. Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos 7.8
2020-12-08 CVE-2020-27902 An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. Ipados, Iphone_os 4.6
2020-12-08 CVE-2020-27905 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges. Ipados, Iphone_os, Tvos, Watchos 7.8
2021-02-16 CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function... Ipad_os, Iphone_os, Macos, Safari, Debian_linux, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Openssl, Enterprise_manager_ops_center, Graalvm, Mysql_enterprise_monitor, Mysql_server, Nessus_network_monitor, Tenable\.sc 5.9
2021-04-02 CVE-2020-9967 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos 7.8
2019-12-11 CVE-2019-14899 A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. Ipad_os, Iphone_os, Mac_os_x, Tvos, Freebsd, Linux_kernel, Openbsd 7.4
2021-04-02 CVE-2021-1772 A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos 7.8
2011-11-11 CVE-2011-3439 FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. Iphone_os, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A