Apple iOS - 5688 CVEs (Page 20/48)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2021-04-02

Critical

CVE-2021-1818

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS…

CVSS: 9.8 CWE: N/A View on NVD

Medium

CVE-2021-1801

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.…

CVSS: 6.5 CWE: N/A View on NVD

Medium

CVE-2021-1799

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watch…

CVSS: 6.5 CWE: N/A View on NVD

Medium

CVE-2021-1797

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.…

CVSS: 5.5 CWE: N/A View on NVD

Critical

CVE-2021-1796

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2021-1795

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2021-1794

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1793

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPad…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-1761

CVSS: 7.5 CWE: N/A View on NVD

High

CVE-2021-1753

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 1…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1792

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2021-1791

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD

High

CVE-2021-1788

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2021-1787

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

Medium

CVE-2021-1786

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-1785

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1783

An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, i…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-1782

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 a…

CVSS: 7.0 CWE: CWE-667 - Improper Locking View on NVD

Medium

CVE-2021-1781

A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Upd…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-1780

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of ser…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD

Medium

CVE-2021-1778

An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1777

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-1776

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, t…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-1774

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2021-1773

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-1772

A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, i…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2021-1769

A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 a…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-1768

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1767

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a ma…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2021-1766

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-1764

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2021-1763

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4.…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2021-1760

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvO…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-1759

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1758

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1757

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Low

CVE-2021-1756

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical…

CVSS: 2.4 CWE: N/A View on NVD

Low

CVE-2021-1755

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access…

CVSS: 2.4 CWE: CWE-862 - Missing Authorization View on NVD

High

CVE-2021-1754

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-1750

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2021-1748

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2021-1747

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 1…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-1746

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-1745

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1744

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2021-1743

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2021-1742

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-1741

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2020-9978

This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Moj…

CVSS: 4.5 CWE: N/A View on NVD

High

CVE-2020-9975

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 20…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2020-9971

A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate pri…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-9967

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Securit…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-9962

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2020-9960

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-9956

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-9955

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously craft…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-9926

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Sec…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-29639

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memo…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-29624

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 202…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Low

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security…

CVSS: 3.3 CWE: N/A View on NVD

High

CVE-2020-29619

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-29618

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-29617

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2020-29615

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-29614

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2020-29613

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-29611

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2020-29610

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2020-29608

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-27951

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy vi…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-27948

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, i…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2020-27946

An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojav…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-27944

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27943

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 1…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2020-27935

Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbo…

CVSS: 6.3 CWE: N/A View on NVD

High

CVE-2020-27933

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, S…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27931

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Securi…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27924

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-27923

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27922

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-27920

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2020-27908

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-27899

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to el…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

2021-03-29

Critical

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demo…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

High

CVE-2020-35137

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiro…

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

2021-03-24

Medium

CVE-2021-1381

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging consol…

CVSS: 6.1 CWE: CWE-489 - Active Debug Code View on NVD

Medium

CVE-2021-1376

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated…

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2021-1375

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2021-1374

A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

High

CVE-2021-1373

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Control…

CVSS: 8.6 CWE: CWE-126 - Buffer Over-read View on NVD

Medium

CVE-2021-1371

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using th…

CVSS: 6.6 CWE: CWE-269 - Improper Privilege Management View on NVD

Medium

CVE-2021-1356

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2021-1352

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an…

CVSS: 7.4 CWE: CWE-823 - Use of Out-of-range Pointer Offset View on NVD

Medium

CVE-2021-1281

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to…

CVSS: 5.1 CWE: CWE-399 View on NVD

Medium

CVE-2021-1220

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2021-1454

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities…

CVSS: 6.0 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2021-1453

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute u…

CVSS: 6.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2021-1452

A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco…

CVSS: 6.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2021-1451

A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenti…

CVSS: 8.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

High

CVE-2021-1446

A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an…

CVSS: 8.6 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD

Medium

CVE-2021-1443

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected d…

CVSS: 5.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

High

CVE-2021-1442

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administra…

CVSS: 7.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD

Medium

CVE-2021-1441

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an…

CVSS: 6.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

Medium

CVE-2021-1436

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected syst…

CVSS: 4.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2021-1435

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to i…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2021-1434

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insuff…

CVSS: 4.4 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD

High

CVE-2021-1433

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to i…

CVSS: 8.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

High

CVE-2021-1432

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker…

CVSS: 7.3 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2021-1431

A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. This…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2021-1403

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service…

CVSS: 7.4 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD

Medium

CVE-2021-1398

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitra…

CVSS: 6.8 CWE: CWE-489 - Active Debug Code View on NVD

Medium

CVE-2021-1394

A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of ser…

CVSS: 5.3 CWE: CWE-399 View on NVD

High

CVE-2021-1392

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and th…

CVSS: 7.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD

Medium

CVE-2021-1391

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the…

CVSS: 5.1 CWE: CWE-489 - Active Debug Code View on NVD

Medium

CVE-2021-1390

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulne…

CVSS: 5.1 CWE: CWE-123 - Write-what-where Condition View on NVD

Medium

CVE-2021-1384

A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root…

CVSS: 6.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

Medium

CVE-2021-1383

CVSS: 6.0 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2021-1382

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating sy…

CVSS: 6.0 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

Medium

CVE-2021-1377

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from reso…

CVSS: 5.8 CWE: CWE-399 View on NVD