Watchos Security Vulnerabilities and Issues — Watchos CVE List

Lucene search

AppleWatchos

449 matches found

CVE•added 2024/02/21 7:15 a.m.•6204 views

CVE-2023-42946

This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information.

7.5CVSS7.1AI score0.00144EPSS

CVE•added 2024/02/21 7:15 a.m.•4486 views

CVE-2023-42942

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.

7.8CVSS7AI score0.00126EPSS

CVE•added 2024/02/21 7:15 a.m.•4469 views

CVE-2023-42848

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption.

7.8CVSS6.9AI score0.00043EPSS

CVE•added 2020/12/08 10:15 p.m.•2107 views

CVE-2020-27918

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary cod...

7.8CVSS8.6AI score0.00164EPSS

CVE•added 2021/08/24 7:15 p.m.•1244 views

CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this is...

7.8CVSS6.5AI score0.69382EPSS

CVE•added 2020/06/05 3:15 p.m.•1111 views

CVE-2020-9859

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.1AI score0.00295EPSS

CVE•added 2020/12/08 9:15 p.m.•1086 views

CVE-2020-27950

A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalin...

7.1CVSS5.3AI score0.37741EPSS

CVE•added 2021/04/02 6:15 p.m.•1041 views

CVE-2021-1782

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a repor...

7CVSS7AI score0.06092EPSS

CVE•added 2023/06/23 6:15 p.m.•1020 views

CVE-2023-27930

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.5AI score0.00054EPSS

CVE•added 2020/12/08 9:15 p.m.•1019 views

CVE-2020-27930

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplem...

7.8CVSS7.6AI score0.47457EPSS

CVE•added 2023/06/23 6:15 p.m.•930 views

CVE-2023-32434

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with ker...

7.8CVSS7.9AI score0.82398EPSS

CVE•added 2022/08/24 8:15 p.m.•882 views

CVE-2022-32894

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploi...

7.8CVSS7.9AI score0.00338EPSS

CVE•added 2021/08/24 7:15 p.m.•733 views

CVE-2021-31010

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that ...

7.5CVSS6.7AI score0.01359EPSS

CVE•added 2023/07/27 1:15 a.m.•551 views

CVE-2023-38572

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.

7.5CVSS6.7AI score0.00345EPSS

CVE•added 2023/05/08 8:15 p.m.•499 views

CVE-2023-27969

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.1AI score0.00071EPSS

CVE•added 2025/01/27 10:15 p.m.•435 views

CVE-2025-24159

A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS6.9AI score0.00044EPSS

CVE•added 2022/02/26 5:15 a.m.•410 views

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5CVSS7.7AI score0.00044EPSS

CVE•added 2023/09/07 6:15 p.m.•398 views

CVE-2023-41061

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

7.8CVSS6.6AI score0.04339EPSS

CVE•added 2015/12/15 9:59 p.m.•372 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

7.1CVSS6.2AI score0.04812EPSS

CVE•added 2020/02/24 2:15 p.m.•359 views

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

7.8CVSS7.8AI score0.00091EPSS

CVE•added 2024/03/05 8:16 p.m.•329 views

CVE-2024-23225

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue ma...

7.8CVSS7AI score0.00033EPSS

CVE•added 2022/11/23 12:15 a.m.•326 views

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

7.5CVSS6.9AI score0.00181EPSS

CVE•added 2023/07/27 1:15 a.m.•321 views

CVE-2023-38580

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.5AI score0.00055EPSS

CVE•added 2025/01/27 10:15 p.m.•314 views

CVE-2025-24085

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been activ...

7.8CVSS5.8AI score0.0986EPSS

CVE•added 2023/07/27 1:15 a.m.•308 views

CVE-2023-32734

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.5AI score0.00046EPSS

CVE•added 2023/07/27 1:15 a.m.•299 views

CVE-2023-35993

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel priv...

7.8CVSS7.3AI score0.00039EPSS

CVE•added 2020/05/27 3:15 p.m.•293 views

CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

7CVSS7.5AI score0.00177EPSS

CVE•added 2023/07/27 1:15 a.m.•288 views

CVE-2023-32441

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.3AI score0.00039EPSS

CVE•added 2023/07/27 1:15 a.m.•286 views

CVE-2023-38565

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.

7.8CVSS6.7AI score0.00029EPSS

CVE•added 2020/06/09 5:15 p.m.•284 views

CVE-2020-9805

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross si...

7.1CVSS7AI score0.00249EPSS

CVE•added 2022/11/23 6:15 p.m.•283 views

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

7.8CVSS6.9AI score0.00095EPSS

CVE•added 2021/10/19 2:15 p.m.•281 views

CVE-2021-30849

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

7.8CVSS8.5AI score0.00321EPSS

CVE•added 2023/07/27 12:15 a.m.•281 views

CVE-2023-32433

7.8CVSS7.3AI score0.00039EPSS

CVE•added 2019/04/03 6:29 p.m.•279 views

CVE-2018-20505

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

7.5CVSS8.2AI score0.07886EPSS

CVE•added 2019/12/18 6:15 p.m.•273 views

CVE-2019-8646

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.

7.5CVSS6.8AI score0.07545EPSS

CVE•added 2023/07/27 12:15 a.m.•272 views

CVE-2023-32381

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.3AI score0.00053EPSS

CVE•added 2023/09/12 12:15 a.m.•266 views

CVE-2023-41990

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is awa...

7.8CVSS7.9AI score0.04103EPSS

CVE•added 2015/04/24 5:59 p.m.•257 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

7.5CVSS8.2AI score0.07077EPSS

CVE•added 2020/06/09 5:15 p.m.•256 views

CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a ...

7.1CVSS6.9AI score0.00206EPSS

CVE•added 2020/10/16 5:15 p.m.•247 views

CVE-2020-9862

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspe...

7.8CVSS8AI score0.00253EPSS

CVE•added 2015/04/24 5:59 p.m.•245 views

CVE-2015-3415

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHE...

7.5CVSS8.2AI score0.07077EPSS

CVE•added 2020/10/16 5:15 p.m.•228 views

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

7.1CVSS6.6AI score0.00434EPSS

CVE•added 2024/03/05 8:16 p.m.•224 views

CVE-2024-23296

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

7.8CVSS7AI score0.00085EPSS

CVE•added 2015/04/24 5:59 p.m.•222 views

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecifie...

7.5CVSS8.1AI score0.05572EPSS

CVE•added 2022/01/20 6:15 p.m.•219 views

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable a race condition enabling symlink following (CWE-363)....

7.3CVSS6.4AI score0.01107EPSS

CVE•added 2016/06/09 4:59 p.m.•209 views

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.5CVSS8.1AI score0.02801EPSS

CVE•added 2022/12/15 7:15 p.m.•207 views

CVE-2022-46689

A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.

7CVSS7.5AI score0.85567EPSS

CVE•added 2021/08/24 7:15 p.m.•199 views

CVE-2021-30928

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.9AI score0.00563EPSS

CVE•added 2021/10/19 2:15 p.m.•197 views

CVE-2021-30846

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

7.8CVSS8.3AI score0.00518EPSS

CVE•added 2024/01/09 6:15 p.m.•194 views

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been expl...

7CVSS6.3AI score0.0018EPSS

Total number of security vulnerabilities449