Vulnerabilities > Apple > Ipados > 13.3

DATE CVE VULNERABILITY TITLE RISK
2020-02-27 CVE-2020-3838 Incorrect Default Permissions vulnerability in Apple products
The issue was addressed with improved permissions logic.
network
apple CWE-276
critical
9.3
2020-02-27 CVE-2020-3837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
A memory corruption issue was addressed with improved memory handling.
network
apple CWE-119
critical
9.3
2020-02-27 CVE-2020-3836 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An access issue was addressed with improved memory management.
local
low complexity
apple CWE-119
2.1
2020-02-27 CVE-2020-3831 Race Condition vulnerability in Apple Ipados and Iphone OS
A race condition was addressed with improved locking.
network
high complexity
apple CWE-362
7.6
2020-02-27 CVE-2020-3829 Out-of-bounds Read vulnerability in Apple products
An out-of-bounds read was addressed with improved bounds checking.
network
apple CWE-125
critical
9.3
2020-02-27 CVE-2020-3828 Information Exposure vulnerability in Apple Ipados and Iphone OS
A lock screen issue allowed access to contacts on a locked device.
local
low complexity
apple CWE-200
2.1
2020-02-27 CVE-2020-3826 Out-of-bounds Read vulnerability in Apple products
An out-of-bounds read was addressed with improved input validation.
network
apple CWE-125
6.8
2020-02-27 CVE-2020-3825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Multiple memory corruption issues were addressed with improved memory handling.
network
apple CWE-119
6.8
2020-02-24 CVE-2019-20044 Improper Check for Dropped Privileges vulnerability in multiple products
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option.
local
low complexity
zsh fedoraproject debian apple CWE-273
7.8
2019-12-11 CVE-2019-14899 Man-in-the-Middle vulnerability in multiple products
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream.
low complexity
freebsd linux openbsd apple CWE-300
7.4