This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2013-06-05
Product Watchos Last view 2020-10-16
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:* 670
cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:* 641
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* 640
cpe:2.3:o:apple:watchos:1.01:*:*:*:*:*:*:* 633
cpe:2.3:o:apple:watchos:2.0:*:*:*:*:*:*:* 632
cpe:2.3:o:apple:watchos:2.0.0:*:*:*:*:*:*:* 604
cpe:2.3:o:apple:watchos:2.0.1:*:*:*:*:*:*:* 591
cpe:2.3:o:apple:watchos:2.1:*:*:*:*:*:*:* 588
cpe:2.3:o:apple:watchos:2.2:*:*:*:*:*:*:* 555
cpe:2.3:o:apple:watchos:2.2.1:*:*:*:*:*:*:* 527
cpe:2.3:o:apple:watchos:2.2.2:*:*:*:*:*:*:* 508
cpe:2.3:o:apple:watchos:3.0:*:*:*:*:*:*:* 457
cpe:2.3:o:apple:watchos:3.1:*:*:*:*:*:*:* 452
cpe:2.3:o:apple:watchos:3.1.1:*:*:*:*:*:*:* 451
cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:* 448
cpe:2.3:o:apple:watchos:3.2:*:*:*:*:*:*:* 414
cpe:2.3:o:apple:watchos:3.2.2:*:*:*:*:*:*:* 393
cpe:2.3:o:apple:watchos:3.2.3:*:*:*:*:*:*:* 383
cpe:2.3:o:apple:watchos:4:*:*:*:*:*:*:* 369
cpe:2.3:o:apple:watchos:4.0:*:*:*:*:*:*:* 367
cpe:2.3:o:apple:watchos:4.0.1:*:*:*:*:*:*:* 367
cpe:2.3:o:apple:watchos:4.1:*:*:*:*:*:*:* 363
cpe:2.3:o:apple:watchos:4.2.3:*:*:*:*:*:*:* 331
cpe:2.3:o:apple:watchos:4.3:*:*:*:*:*:*:* 301
cpe:2.3:o:apple:watchos:4.3.1:*:*:*:*:*:*:* 280
cpe:2.3:o:apple:watchos:4.3.2:*:*:*:*:*:*:* 265
cpe:2.3:o:apple:watchos:5.0:*:*:*:*:*:*:* 233
cpe:2.3:o:apple:watchos:5.0.1:*:*:*:*:*:*:* 233
cpe:2.3:o:apple:watchos:5.1:*:*:*:*:*:*:* 212
cpe:2.3:o:apple:watchos:5.1.1:*:*:*:*:*:*:* 211
cpe:2.3:o:apple:watchos:5.1.2:*:*:*:*:*:*:* 196
cpe:2.3:o:apple:watchos:5.1.3:*:*:*:*:*:*:* 180
cpe:2.3:o:apple:watchos:5.3:*:*:*:*:*:*:* 111

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-10-16 CVE-2020-9976

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information.

5.5 2020-10-16 CVE-2020-9968

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.

6.1 2020-10-16 CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.8 2020-10-16 CVE-2020-9946

This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period.

7.8 2020-10-16 CVE-2020-9936

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

3.3 2020-10-16 CVE-2020-9933

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

6.1 2020-10-16 CVE-2020-9925

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.

7.8 2020-10-16 CVE-2020-9923

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.

9.8 2020-10-16 CVE-2020-9918

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

5.3 2020-10-16 CVE-2020-9916

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.

6.5 2020-10-16 CVE-2020-9915

An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

8.8 2020-10-16 CVE-2020-9910

Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

5.9 2020-10-16 CVE-2020-9909

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

9.8 2020-10-16 CVE-2020-9895

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

4.3 2020-10-16 CVE-2020-9894

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

8.8 2020-10-16 CVE-2020-9893

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

7.8 2020-10-16 CVE-2020-9891

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8 2020-10-16 CVE-2020-9890

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8 2020-10-16 CVE-2020-9889

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8 2020-10-16 CVE-2020-9888

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

5.5 2020-10-16 CVE-2020-9885

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.

7.8 2020-10-16 CVE-2020-9884

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8 2020-10-16 CVE-2020-9878

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

8.6 2020-10-16 CVE-2020-9865

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.

9.8 2020-10-16 CVE-2020-9862

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
48% (308) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (55) CWE-20 Improper Input Validation
8% (54) CWE-200 Information Exposure
7% (48) CWE-125 Out-of-bounds Read
5% (36) CWE-787 Out-of-bounds Write
4% (26) CWE-416 Use After Free
2% (15) CWE-362 Race Condition
1% (9) CWE-476 NULL Pointer Dereference
1% (8) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (7) CWE-264 Permissions, Privileges, and Access Controls
1% (7) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (6) CWE-190 Integer Overflow or Wraparound
0% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (4) CWE-399 Resource Management Errors
0% (4) CWE-295 Certificate Issues
0% (4) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (3) CWE-704 Incorrect Type Conversion or Cast
0% (3) CWE-665 Improper Initialization
0% (3) CWE-254 Security Features
0% (2) CWE-310 Cryptographic Issues
0% (2) CWE-284 Access Control (Authorization) Issues
0% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (1) CWE-668 Exposure of Resource to Wrong Sphere
0% (1) CWE-667 Insufficient Locking

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-09-02 WebKit JIT compiler common subexpression elimination out of bounds access att...
RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2
2020-09-02 WebKit JIT compiler common subexpression elimination out of bounds access att...
RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2
2020-04-21 Apple Safari browser putToPrimitive cross-site scripting attempt
RuleID : 53479 - Type : BROWSER-WEBKIT - Revision : 1
2020-04-21 Apple Safari WebKit type confusion attempt
RuleID : 53478 - Type : BROWSER-WEBKIT - Revision : 1
2020-04-21 Apple Safari WebKit type confusion attempt
RuleID : 53477 - Type : BROWSER-WEBKIT - Revision : 1
2020-04-21 Apple Safari browser putToPrimitive cross-site scripting attempt
RuleID : 53476 - Type : BROWSER-WEBKIT - Revision : 2
2020-04-21 Apple Safari WebKit JavaScript engine type confusion attempt
RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1
2020-04-21 Apple Safari WebKit JavaScript engine type confusion attempt
RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1
2019-12-17 Apple Safari WebKit handleIntrinsicCall type confusion attempt
RuleID : 52245 - Type : BROWSER-WEBKIT - Revision : 1
2019-12-17 Apple Safari WebKit handleIntrinsicCall type confusion attempt
RuleID : 52244 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-08 Apple Safari memory corruption attempt
RuleID : 51416 - Type : BROWSER-WEBKIT - Revision : 2
2019-10-08 Apple Safari memory corruption attempt
RuleID : 51415 - Type : BROWSER-WEBKIT - Revision : 2
2019-10-01 WebKit GetIndexedPropertyStorage memory corruption attempt
RuleID : 51386 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 WebKit GetIndexedPropertyStorage memory corruption attempt
RuleID : 51385 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 Apple WebKit JSArray component out-of-bounds access
RuleID : 51382 - Type : BROWSER-WEBKIT - Revision : 1

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO
2018-12-19 Name: An application installed on remote host is affected by multiple vulnerabilities
File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: A web browser installed on the remote macOS or Mac OS X host is affected by m...
File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: A web browser installed on the remote macOS or Mac OS X host is affected by m...
File: macosx_Safari12_0_1.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_banner.nasl - Type: ACT_GATHER_INFO