Vulnerabilities > Apple > Tvos > 13.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-3840 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An off by one issue existed in the handling of racoon configuration files. | 6.8 |
| 2020-02-27 | CVE-2020-3838 | Incorrect Default Permissions vulnerability in Apple products The issue was addressed with improved permissions logic. | 9.3 |
| 2020-02-27 | CVE-2020-3837 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
| 2020-02-27 | CVE-2020-3836 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An access issue was addressed with improved memory management. | 2.1 |
| 2020-02-27 | CVE-2020-3829 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 9.3 |
| 2020-02-27 | CVE-2020-3826 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 6.8 |
| 2020-02-27 | CVE-2020-3825 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
| 2020-02-24 | CVE-2019-20044 | Improper Check for Dropped Privileges vulnerability in multiple products In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. | 7.8 |
| 2019-12-11 | CVE-2019-14899 | Man-in-the-Middle vulnerability in multiple products A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. | 7.4 |