Vulnerabilities > Apple > Watchos > 2.2.0

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1819 Use After Free vulnerability in Apple products
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
network
apple CWE-416
critical
 9.3
9.3
2016-05-20 CVE-2016-1817 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
network
apple CWE-119
critical
 9.3
9.3
2016-05-20 CVE-2016-1813 NULL Pointer Dereference vulnerability in Apple products
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
network
apple CWE-476
critical
 9.3
9.3
2016-05-20 CVE-2016-1811 NULL Pointer Dereference vulnerability in Apple products
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
network
apple CWE-476
4.3
4.3
2016-05-20 CVE-2016-1808 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
 9.3
9.3
2016-05-20 CVE-2016-1807 Race Condition vulnerability in Apple products
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
local
apple CWE-362
1.9
1.9
2016-05-20 CVE-2016-1803 NULL Pointer Dereference vulnerability in Apple products
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
network
apple CWE-476
6.8
6.8
2016-05-20 CVE-2016-1802 Information Exposure vulnerability in Apple products
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
network
apple CWE-200
4.3
4.3