An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2022-03-18 | Updated: 2022-11-02
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
Max CVSS: 3.3 | EPSS Score: 0.05% | Published: 2021-04-02 | Updated: 2021-06-02
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2020-02-27 | Updated: 2020-03-02
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Max CVSS: 3.1 | EPSS Score: 0.67% | Published: 2020-02-05 | Updated: 2020-08-11
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
Max CVSS: 3.3 | EPSS Score: 0.11% | Published: 2020-10-27 | Updated: 2021-03-15
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.
Max CVSS: 3.3 | EPSS Score: 0.05% | Published: 2020-10-27 | Updated: 2020-10-30
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2019-12-18 | Updated: 2022-01-01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2017-11-13 | Updated: 2017-11-27
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2017-10-23 | Updated: 2017-10-26
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2017-02-20 | Updated: 2018-10-30
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2017-02-20 | Updated: 2017-07-27
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.05% | Published: 2017-02-20 | Updated: 2017-07-27
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.05% | Published: 2017-02-20 | Updated: 2017-07-27
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2017-02-20 | Updated: 2017-02-21
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2016-07-22 | Updated: 2017-09-01
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2016-03-24 | Updated: 2016-12-03
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
Max CVSS: 3.3 | EPSS Score: 0.26% | Published: 2015-10-09 | Updated: 2016-12-08
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
Max CVSS: 3.3 | EPSS Score: 0.79% | Published: 2015-09-18 | Updated: 2016-12-22
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
Max CVSS: 3.3 | EPSS Score: 0.05% | Published: 2015-10-09 | Updated: 2016-12-09
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
Max CVSS: 3.3 | EPSS Score: 0.48% | Published: 2015-08-16 | Updated: 2017-09-21
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
Max CVSS: 3.3 | EPSS Score: 0.44% | Published: 2015-08-16 | Updated: 2016-12-24
Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.
Max CVSS: 3.3 | EPSS Score: 0.07% | Published: 2014-04-23 | Updated: 2014-04-24
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2014-02-27 | Updated: 2014-03-10
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2014-02-27 | Updated: 2014-02-27
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
Max CVSS: 3.7 | EPSS Score: 0.16% | Published: 2015-11-14 | Updated: 2017-09-14
35 vulnerabilities found