Watchos@* Security Vulnerabilities and Issues — Watchos@* CVE List

Lucene search

AppleWatchos*

75 matches found

CVE•added 2016/09/25 10:59 a.m.•387 views

CVE-2016-4658

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free a...

10CVSS8AI score0.19344EPSS

CVE•added 2016/07/23 7:59 p.m.•303 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04195EPSS

CVE•added 2016/05/20 10:59 a.m.•161 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.10773EPSS

CVE•added 2016/03/24 1:59 a.m.•141 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.07342EPSS

CVE•added 2016/09/25 10:59 a.m.•140 views

CVE-2016-4738

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.7AI score0.07628EPSS

CVE•added 2016/05/20 10:59 a.m.•129 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.03922EPSS

CVE•added 2016/05/20 10:59 a.m.•122 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.02142EPSS

CVE•added 2016/05/20 10:59 a.m.•121 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.01788EPSS

CVE•added 2016/05/20 10:59 a.m.•119 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.01214EPSS

CVE•added 2016/05/20 10:59 a.m.•116 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS

CVE•added 2016/05/20 10:59 a.m.•112 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01153EPSS

CVE•added 2016/07/22 2:59 a.m.•89 views

CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/05/20 10:59 a.m.•78 views

CVE-2016-1841

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.01678EPSS

CVE•added 2016/07/22 2:59 a.m.•73 views

CVE-2016-4615

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2016/05/20 10:59 a.m.•71 views

CVE-2016-1827

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, ...

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/09/25 11:0 a.m.•71 views

CVE-2016-4773

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/07/22 3:0 a.m.•70 views

CVE-2016-4653

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.8CVSS7.6AI score0.00181EPSS

CVE•added 2016/09/25 10:59 a.m.•70 views

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

6.5CVSS6.4AI score0.04174EPSS

CVE•added 2016/03/24 1:59 a.m.•68 views

CVE-2016-1755

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

9.3CVSS7.1AI score0.03453EPSS

CVE•added 2016/05/20 10:59 a.m.•68 views

CVE-2016-1828

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/06/26 1:59 a.m.•65 views

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

9.8CVSS9.3AI score0.03085EPSS

CVE•added 2016/07/22 2:59 a.m.•65 views

CVE-2016-4607

9.8CVSS9.2AI score

CVE•added 2016/09/25 10:59 a.m.•65 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS

CVE•added 2016/09/25 11:0 a.m.•65 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS

CVE•added 2016/09/25 11:0 a.m.•65 views

CVE-2016-4776

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4774

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/07/22 2:59 a.m.•63 views

CVE-2016-1863

7.8CVSS7.6AI score0.00181EPSS

CVE•added 2016/09/25 10:59 a.m.•63 views

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.00262EPSS

CVE•added 2016/09/25 11:0 a.m.•63 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS

CVE•added 2016/06/26 1:59 a.m.•62 views

CVE-2015-7988

The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

9.8CVSS9.7AI score0.01933EPSS

CVE•added 2016/07/22 2:59 a.m.•62 views

CVE-2016-4631

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

8.8CVSS8.9AI score0.0271EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4725

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.

8.1CVSS7.7AI score0.01307EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4737

WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS9.1AI score0.01841EPSS

CVE•added 2016/03/24 1:59 a.m.•61 views

CVE-2016-1740

FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.

9.3CVSS7.4AI score0.0135EPSS

CVE•added 2016/02/01 11:59 a.m.•60 views

CVE-2016-1727

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

9.3CVSS7.7AI score0.01025EPSS

CVE•added 2016/09/25 10:59 a.m.•60 views

CVE-2016-4753

Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS8.1AI score0.00365EPSS

CVE•added 2016/09/25 11:0 a.m.•60 views

CVE-2016-4777

9.3CVSS8.2AI score0.00263EPSS

CVE•added 2016/03/24 1:59 a.m.•59 views

CVE-2016-1753

Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.8AI score0.00362EPSS

CVE•added 2016/09/25 10:59 a.m.•59 views

CVE-2016-4702

Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS9.2AI score0.14118EPSS

CVE•added 2016/09/25 10:59 a.m.•59 views

CVE-2016-4718

Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.

6.5CVSS6.5AI score0.0232EPSS

CVE•added 2016/09/25 11:0 a.m.•59 views

CVE-2016-4775

The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7.7AI score0.00065EPSS

CVE•added 2016/03/24 1:59 a.m.•58 views

CVE-2016-1752

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.

7.1CVSS5.6AI score0.00185EPSS

CVE•added 2016/03/24 1:59 a.m.•58 views

CVE-2016-1754

9.3CVSS7.1AI score0.03453EPSS

CVE•added 2016/05/20 10:59 a.m.•58 views

CVE-2016-1819

Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft...

9.3CVSS7.6AI score0.04268EPSS

CVE•added 2016/07/22 2:59 a.m.•58 views

CVE-2016-1865

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.5CVSS5.7AI score0.00056EPSS

CVE•added 2016/02/01 11:59 a.m.•57 views

CVE-2016-1724

8.8CVSS7.7AI score0.01025EPSS

CVE•added 2016/05/20 10:59 a.m.•57 views

CVE-2016-1830

8.5CVSS7.5AI score0.05151EPSS

CVE•added 2016/07/22 2:59 a.m.•57 views

CVE-2016-4616

9.8CVSS9.1AI score

CVE•added 2016/05/20 10:59 a.m.•56 views

CVE-2016-1829