Apple iOS - 5688 CVEs (Page 17/48)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2021-11-02

Medium

CVE-2021-33593

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.

CVSS: 5.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD

2021-10-28

High

CVE-2021-30840

This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2021-30836

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio f…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-30834

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2021-30831

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-30823

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network posi…

CVSS: 6.5 CWE: N/A View on NVD

High

CVE-2021-30818

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD

Low

CVE-2021-30816

The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.

CVSS: 2.4 CWE: N/A View on NVD

High

CVE-2021-30814

A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary c…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-30809

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead t…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2021-30808

This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-9897

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

2021-10-25

Low

CVE-2020-14264

"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"

CVSS: 3.9 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD

2021-10-21

Low

CVE-2020-14263

"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"

CVSS: 3.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

High

CVE-2021-1529

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient in…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2021-10-19

High

CVE-2021-30849

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-30848

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-30847

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Proces…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30846

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously cra…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-30843

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Proces…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30842

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30841

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30838

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privilege…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30837

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kern…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously c…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.

CVSS: 7.5 CWE: N/A View on NVD

High

CVE-2021-30825

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS: 7.8 CWE: N/A View on NVD

Critical

CVE-2021-30820

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution.

CVSS: 9.8 CWE: N/A View on NVD

Medium

CVE-2021-30819

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Low

CVE-2021-30815

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able t…

CVSS: 2.4 CWE: N/A View on NVD

Medium

CVE-2021-30811

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information.

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30810

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user ont…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD

High

CVE-2021-30807

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

2021-10-13

Medium

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a…

CVSS: 6.1 CWE: CWE-862 - Missing Authorization View on NVD

High

CVE-2021-20833

The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communicatio…

CVSS: 7.4 CWE: CWE-295 - Improper Certificate Validation View on NVD

Medium

CVE-2021-20832

InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

2021-10-04

High

CVE-2021-41093

Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved i…

CVSS: 7.4 CWE: CWE-285 - Improper Authorization View on NVD

2021-09-27

Medium

CVE-2021-37786

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0…

CVSS: 4.6 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD

2021-09-23

Critical

CVE-2021-34770

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unau…

CVSS: 10.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2021-34769

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allo…

CVSS: 8.6 CWE: CWE-415 - Double Free View on NVD

High

CVE-2021-34768

CVSS: 8.6 CWE: CWE-415 - Double Free View on NVD

High

CVE-2021-34767

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause…

CVSS: 7.4 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD

Medium

CVE-2021-34729

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

Critical

CVE-2021-34727

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to i…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2021-34725

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operat…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

Medium

CVE-2021-34724

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root us…

CVSS: 6.0 CWE: CWE-284 - Improper Access Control View on NVD

Medium

CVE-2021-34723

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an aff…

CVSS: 6.7 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD

High

CVE-2021-34714

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an u…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2021-34705

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination…

CVSS: 5.3 CWE: CWE-232 - Improper Handling of Undefined Values View on NVD

Medium

CVE-2021-34703

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting…

CVSS: 6.8 CWE: CWE-456 - Missing Initialization of a Variable View on NVD

High

CVE-2021-34699

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an…

CVSS: 7.7 CWE: CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities View on NVD

Medium

CVE-2021-34697

A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) att…

CVSS: 5.8 CWE: CWE-665 - Improper Initialization View on NVD

Medium

CVE-2021-1625

A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying…

CVSS: 5.8 CWE: CWE-284 - Improper Access Control View on NVD

High

CVE-2021-1624

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco Quan…

CVSS: 8.6 CWE: CWE-399 View on NVD

High

CVE-2021-1622

A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaust…

CVSS: 8.6 CWE: CWE-833 - Deadlock View on NVD

High

CVE-2021-1621

A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resul…

CVSS: 7.4 CWE: CWE-399 View on NVD

High

CVE-2021-1620

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to e…

CVSS: 7.7 CWE: CWE-563 - Assignment to Variable without Use View on NVD

Critical

CVE-2021-1619

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authenticati…

CVSS: 9.8 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD

Medium

CVE-2021-1616

A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass t…

CVSS: 4.7 CWE: CWE-693 - Protection Mechanism Failure View on NVD

Medium

CVE-2021-1612

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access con…

CVSS: 5.5 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD

High

CVE-2021-1611

A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and E…

CVSS: 8.6 CWE: CWE-399 View on NVD

High

CVE-2021-1565

CVSS: 8.6 CWE: CWE-415 - Double Free View on NVD

2021-09-22

High

CVE-2021-41011

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a s…

CVSS: 7.5 CWE: N/A View on NVD

2021-09-09

Medium

CVE-2021-34771

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient applicati…

CVSS: 5.5 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD

Medium

CVE-2021-34737

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial o…

CVSS: 5.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD

High

CVE-2021-34728

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more informati…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

Medium

CVE-2021-34722

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary comma…

CVSS: 6.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

Medium

CVE-2021-34721

CVSS: 6.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2021-34720

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker…

CVSS: 8.6 CWE: CWE-771 - Missing Reference to Active Allocated Resource View on NVD

High

CVE-2021-34719

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due t…

CVSS: 8.1 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD

High

CVE-2021-34713

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected…

CVSS: 7.4 CWE: CWE-399 View on NVD

Medium

CVE-2021-34709

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software f…

CVSS: 6.0 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2021-34708

CVSS: 6.0 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

2021-09-08

Medium

CVE-2021-36215

LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.

CVSS: 5.3 CWE: N/A View on NVD

High

CVE-2021-33982

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessio…

CVSS: 7.5 CWE: CWE-613 - Insufficient Session Expiration View on NVD

Medium

CVE-2021-33981

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve ot…

CVSS: 4.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD

High

CVE-2021-30715

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing…

CVSS: 7.5 CWE: N/A View on NVD

Medium

CVE-2021-30714

A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory.

CVSS: 6.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

High

CVE-2021-30710

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina,…

CVSS: 7.1 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2021-30709

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a ma…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-30708

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-30707

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arb…

CVSS: 8.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2021-30706

Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addresse…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-30705

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watc…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-30704

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big S…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30703

A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macO…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD

High

CVE-2021-30701

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2021-30700

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosu…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30699

A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen.

CVSS: 4.6 CWE: N/A View on NVD

High

CVE-2021-30698

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a d…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

Medium

CVE-2021-30697

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30695

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 1…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-30694

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 a…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-30693

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processi…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2021-30692

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30691

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30689

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2021-30687

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macO…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-30686

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Proc…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-30685

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously cr…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-30681

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2021-30677

This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS…

CVSS: 8.8 CWE: N/A View on NVD

Medium

CVE-2021-30674

This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory.

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30667

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mech…

CVSS: 5.4 CWE: CWE-287 - Improper Authentication View on NVD

High

CVE-2021-30666

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

High

CVE-2021-30665

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing mal…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-30664

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-30663

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing malicious…

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2021-30662

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

CVSS: 7.3 CWE: N/A View on NVD

High

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2021-30660

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-30659

A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user info…

CVSS: 6.5 CWE: N/A View on NVD

Medium

CVE-2021-30656

An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-30653

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrar…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30652

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5,…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

High

CVE-2021-1885

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-1884

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macO…

CVSS: 5.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

Medium

CVE-2021-1883

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big S…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD