Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs
1,895
CISA KEV
51
actively exploited
Public exploits
123
Exploited in wild
40
Severity breakdown
CRITICAL140HIGH970MEDIUM715LOW68UNKNOWN2
Vulnerabilities
Page 62 of 95
CVE-2020-11765MEDIUMCVSS 5.5fixed in 6.2.82020-04-14
CVE-2020-11765 [MEDIUM] CWE-125 CVE-2020-11765: An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
nvdapple
CVE-2020-11759MEDIUMCVSS 5.5fixed in 6.2.82020-04-14
CVE-2020-11759 [MEDIUM] CWE-190 CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLi
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
nvdapple
CVE-2020-3911CRITICALCVSS 9.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3911 [CRITICAL] CWE-120 CVE-2020-3911: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and i
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
nvd
CVE-2020-3909CRITICALCVSS 9.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3909 [CRITICAL] CWE-120 CVE-2020-3909: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and i
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
nvd
CVE-2020-3910CRITICALCVSS 9.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3910 [CRITICAL] CWE-120 CVE-2020-3910: A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and i
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
nvd
CVE-2020-9768HIGHCVSS 7.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-9768 [HIGH] CWE-416 CVE-2020-9768: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.
nvd
CVE-2020-3901HIGHCVSS 8.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3901 [HIGH] CWE-843 CVE-2020-3901: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-3899HIGHCVSS 8.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3899 [HIGH] CVE-2020-3899: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 1
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
nvd
CVE-2020-3897HIGHCVSS 8.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3897 [HIGH] CWE-843 CVE-2020-3897: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
nvd
CVE-2020-3900HIGHCVSS 8.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3900 [HIGH] CWE-787 CVE-2020-3900: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9785HIGHCVSS 7.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-9785 [HIGH] CWE-787 CVE-2020-9785: Multiple memory corruption issues were addressed with improved state management. This issue is fixed
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2020-3895HIGHCVSS 8.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3895 [HIGH] CWE-787 CVE-2020-3895: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-3883HIGHCVSS 8.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3883 [HIGH] CVE-2020-3883: This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macO
This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.
nvd
CVE-2020-3919HIGHCVSS 7.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3919 [HIGH] CWE-665 CVE-2020-3919: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2020-3913HIGHCVSS 7.8fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3913 [HIGH] CVE-2020-3913: A permissions issue existed. This issue was addressed with improved permission validation. This issu
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.
nvd
CVE-2020-3916MEDIUMCVSS 5.3fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3916 [MEDIUM] CVE-2020-3916: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.
nvd
CVE-2020-3914MEDIUMCVSS 5.5fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3914 [MEDIUM] CWE-401 CVE-2020-3914: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.
nvd
CVE-2020-3917MEDIUMCVSS 5.5fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3917 [MEDIUM] CVE-2020-3917: This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tv
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.
nvd
CVE-2020-3891LOWCVSS 2.4fixed in 6.2≥ unspecified, < watchOS 6.22020-04-01
CVE-2020-3891 [LOW] CVE-2020-3891: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPad
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.
nvd
CVE-2019-8741HIGHCVSS 7.5fixed in 6.0≥ unspecified, < watchOS 62020-02-28
CVE-2019-8741 [HIGH] CWE-835 CVE-2019-8741: A denial of service issue was addressed with improved input validation.
A denial of service issue was addressed with improved input validation.
nvd