| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1451 |
CVE-2019-8828 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. |
|
1452 |
CVE-2019-8827 |
|
|
|
2020-10-27 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. |
|
1453 |
CVE-2019-8826 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1454 |
CVE-2019-8825 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1455 |
CVE-2019-8824 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges. |
|
1456 |
CVE-2019-8809 |
|
|
|
2020-10-27 |
2020-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier. |
|
1457 |
CVE-2019-8799 |
922 |
|
|
2020-10-27 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. |
|
1458 |
CVE-2019-8796 |
|
|
|
2020-10-27 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. |
|
1459 |
CVE-2019-8790 |
922 |
|
|
2020-10-27 |
2020-11-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. |
|
1460 |
CVE-2019-8780 |
|
|
|
2020-10-27 |
2020-10-30 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout. |
|
1461 |
CVE-2019-8777 |
276 |
|
|
2020-10-27 |
2020-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen. |
|
1462 |
CVE-2019-8776 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges. |
|
1463 |
CVE-2019-8774 |
400 |
|
|
2020-10-27 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service. |
|
1464 |
CVE-2019-8773 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1465 |
CVE-2019-8771 |
1021 |
|
|
2020-10-27 |
2020-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. |
|
1466 |
CVE-2019-8767 |
787 |
|
Mem. Corr. |
2020-10-27 |
2020-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption. |
|
1467 |
CVE-2019-8762 |
79 |
|
XSS |
2020-10-27 |
2020-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. |
|
1468 |
CVE-2019-8761 |
200 |
|
+Info |
2020-10-27 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information. |
|
1469 |
CVE-2019-8759 |
125 |
|
|
2020-10-27 |
2020-10-29 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory. |
|
1470 |
CVE-2019-8756 |
20 |
|
Mem. Corr. |
2020-10-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. |
|
1471 |
CVE-2019-8754 |
346 |
|
|
2020-10-27 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information. |
|
1472 |
CVE-2019-8753 |
79 |
|
XSS |
2020-10-27 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
1473 |
CVE-2019-8752 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1474 |
CVE-2019-8751 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1475 |
CVE-2019-8749 |
20 |
|
Mem. Corr. |
2020-10-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. |
|
1476 |
CVE-2019-8746 |
125 |
|
Exec Code |
2020-10-27 |
2020-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
|
1477 |
CVE-2019-8744 |
|
|
Mem. Corr. |
2020-10-27 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout. |
|
1478 |
CVE-2019-8740 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. |
|
1479 |
CVE-2019-8737 |
20 |
|
DoS |
2020-10-27 |
2020-10-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack. |
|
1480 |
CVE-2019-8736 |
20 |
|
+Info |
2020-10-27 |
2020-10-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information. |
|
1481 |
CVE-2019-8734 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1482 |
CVE-2019-8732 |
200 |
|
+Info |
2020-10-27 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device. |
|
1483 |
CVE-2019-8728 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1484 |
CVE-2019-8718 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. |
|
1485 |
CVE-2019-8716 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. |
|
1486 |
CVE-2019-8715 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges. |
|
1487 |
CVE-2019-8712 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. |
|
1488 |
CVE-2019-8709 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges. |
|
1489 |
CVE-2019-8708 |
|
|
|
2020-10-27 |
2020-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files. |
|
1490 |
CVE-2019-8706 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
|
1491 |
CVE-2019-8696 |
120 |
|
Exec Code Overflow |
2020-10-27 |
2020-10-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. |
|
1492 |
CVE-2019-8675 |
120 |
|
Exec Code Overflow |
2020-10-27 |
2020-10-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. |
|
1493 |
CVE-2019-8668 |
20 |
|
DoS |
2020-10-27 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service. |
|
1494 |
CVE-2019-8664 |
20 |
|
DoS |
2020-10-27 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service. |
|
1495 |
CVE-2019-8656 |
|
|
Bypass |
2020-10-27 |
2020-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. |
|
1496 |
CVE-2019-8645 |
|
|
|
2020-10-27 |
2020-11-02 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail. |
|
1497 |
CVE-2019-8642 |
295 |
|
|
2020-10-27 |
2020-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. |
|
1498 |
CVE-2019-8640 |
20 |
|
|
2020-10-27 |
2020-11-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions. |
|
1499 |
CVE-2019-8639 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
1500 |
CVE-2019-8638 |
|
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. |
