Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2007-05-09 | Updated: 2018-10-16
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2008-02-12 | Updated: 2011-03-08
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
Max CVSS: 1.9 | EPSS Score: 0.05% | Published: 2008-03-18 | Updated: 2017-08-08
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
Max CVSS: 1.9 | EPSS Score: 0.07% | Published: 2008-09-16 | Updated: 2017-08-08
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2008-11-17 | Updated: 2012-10-31
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.
Max CVSS: 1.9 | EPSS Score: 0.08% | Published: 2008-09-02 | Updated: 2008-09-17
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
Max CVSS: 1.9 | EPSS Score: 0.06% | Published: 2008-11-25 | Updated: 2022-08-09
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2009-02-12 | Updated: 2011-03-08
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
Max CVSS: 1.9 | EPSS Score: 0.06% | Published: 2010-06-22 | Updated: 2022-08-09
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2011-03-04 | Updated: 2018-10-09
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2012-09-20 | Updated: 2017-08-29
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2012-09-20 | Updated: 2017-08-29
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2012-09-20 | Updated: 2017-08-29
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2013-03-20 | Updated: 2019-09-26
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Max CVSS: 1.9 | EPSS Score: 0.14% | Published: 2013-09-19 | Updated: 2014-10-24
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
Max CVSS: 1.9 | EPSS Score: 0.06% | Published: 2013-10-24 | Updated: 2013-10-25
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
Max CVSS: 1.9 | EPSS Score: 0.06% | Published: 2013-10-24 | Updated: 2013-10-24
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.
Max CVSS: 1.9 | EPSS Score: 0.07% | Published: 2014-03-14 | Updated: 2014-03-14
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
Max CVSS: 1.9 | EPSS Score: 0.10% | Published: 2014-07-01 | Updated: 2017-01-07
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
Max CVSS: 1.9 | EPSS Score: 0.13% | Published: 2014-09-18 | Updated: 2019-11-07
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
Max CVSS: 1.9 | EPSS Score: 0.08% | Published: 2014-09-18 | Updated: 2017-08-29
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2014-09-18 | Updated: 2017-08-29
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
Max CVSS: 1.9 | EPSS Score: 0.16% | Published: 2014-09-18 | Updated: 2019-03-08
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
Max CVSS: 1.9 | EPSS Score: 0.16% | Published: 2014-09-18 | Updated: 2019-03-08
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
Max CVSS: 1.9 | EPSS Score: 0.16% | Published: 2014-09-18 | Updated: 2019-03-08
52 vulnerabilities found