FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
Max CVSS
1.7
EPSS Score
0.06%
Published
2006-03-03
Updated
2017-07-20
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
Max CVSS
1.7
EPSS Score
0.07%
Published
2006-03-03
Updated
2017-07-20
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.
Max CVSS
1.9
EPSS Score
0.04%
Published
2007-05-09
Updated
2018-10-16
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
Max CVSS
1.9
EPSS Score
0.04%
Published
2008-02-12
Updated
2011-03-08
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
Max CVSS
1.9
EPSS Score
0.05%
Published
2008-03-18
Updated
2017-08-08
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
Max CVSS
1.7
EPSS Score
0.04%
Published
2008-03-18
Updated
2017-08-08
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
Max CVSS
1.9
EPSS Score
0.07%
Published
2008-09-16
Updated
2017-08-08
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Max CVSS
1.9
EPSS Score
0.04%
Published
2008-11-17
Updated
2012-10-31
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.
Max CVSS
1.9
EPSS Score
0.08%
Published
2008-09-02
Updated
2008-09-17
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
Max CVSS
1.9
EPSS Score
0.06%
Published
2008-11-25
Updated
2022-08-09
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.
Max CVSS
1.2
EPSS Score
0.05%
Published
2008-10-17
Updated
2017-08-08
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
Max CVSS
1.9
EPSS Score
0.04%
Published
2009-02-12
Updated
2011-03-08
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
Max CVSS
1.2
EPSS Score
0.04%
Published
2009-06-10
Updated
2010-12-10
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
Max CVSS
1.9
EPSS Score
0.06%
Published
2010-06-22
Updated
2022-08-09
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
Max CVSS
1.9
EPSS Score
0.04%
Published
2011-03-04
Updated
2018-10-09
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
Max CVSS
1.2
EPSS Score
0.06%
Published
2011-11-11
Updated
2011-11-15
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.
Max CVSS
1.2
EPSS Score
0.10%
Published
2012-03-08
Updated
2018-11-29
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-03-20
Updated
2019-09-26
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
Max CVSS
1.7
EPSS Score
0.04%
Published
2013-06-05
Updated
2013-06-05
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Max CVSS
1.9
EPSS Score
0.14%
Published
2013-09-19
Updated
2014-10-24
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
Max CVSS
1.9
EPSS Score
0.06%
Published
2013-10-24
Updated
2013-10-25
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
Max CVSS
1.9
EPSS Score
0.06%
Published
2013-10-24
Updated
2013-10-24
52 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!