CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1264 264 Bypass 2014-02-26 2014-03-10
3.3
None Local Medium Not required Partial Partial None
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
2 CVE-2014-1257 264 Bypass 2014-02-26 2014-02-27
3.6
None Local Low Not required Partial Partial None
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
3 CVE-2013-5171 264 Bypass 2013-10-23 2013-10-24
3.3
None Local Medium Not required Partial Partial None
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
4 CVE-2013-5164 362 Bypass 2013-10-23 2013-10-24
3.3
None Local Medium Not required Partial Partial None
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
5 CVE-2013-5160 264 Bypass 2013-09-27 2013-10-07
3.3
None Local Medium Not required Partial Partial None
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
6 CVE-2013-5147 362 Bypass 2013-09-19 2013-09-26
3.7
None Local High Not required Partial Partial Partial
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
7 CVE-2013-5144 264 Bypass 2013-10-23 2013-10-24
3.3
None Local Medium Not required Partial Partial None
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
8 CVE-2013-1031 264 Bypass 2013-09-16 2013-09-19
3.3
None Local Medium Not required Partial Partial None
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
9 CVE-2013-0964 20 Bypass 2013-01-29 2013-02-05
3.6
None Local Low Not required Partial Partial None
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.
10 CVE-2012-3750 264 Bypass 2012-11-03 2013-03-01
3.6
None Local Low Not required Partial Partial None
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
11 CVE-2012-3738 264 Bypass +Info 2012-09-20 2013-03-25
3.6
None Local Low Not required Partial Partial None
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.
12 CVE-2012-3725 200 +Info 2012-09-20 2013-03-22
3.3
None Local Network Low Not required Partial None None
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets.
13 CVE-2010-3797 79 XSS 2010-11-16 2010-12-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
14 CVE-2010-1810 2010-09-09 2012-03-30
3.5
None Remote Medium Single system None Partial None
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
15 CVE-2010-1382 79 XSS 2010-06-17 2010-06-18
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
16 CVE-2010-1381 16 2010-06-17 2010-06-18
3.5
None Remote Medium Single system Partial None None
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.
17 CVE-2010-0546 59 2010-06-17 2010-06-17
3.3
None Local Medium Not required None Partial Partial
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
18 CVE-2008-4229 362 2008-11-25 2008-12-03
3.7
None Local High Not required Partial Partial Partial
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
19 CVE-2008-4228 264 2008-11-25 2008-12-03
3.6
None Local Low Not required None Partial Partial
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
20 CVE-2007-5851 264 2007-12-19 2008-09-05
3.6
None Local Low Not required Partial Partial None
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
21 CVE-2006-4393 2006-10-03 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
22 CVE-2005-1727 2005-06-08 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
23 CVE-2005-1430 2005-05-03 2008-09-10
3.6
None Local Low Not required Partial Partial None
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
24 CVE-2001-0806 2001-12-06 2008-09-05
3.6
None Local Low Not required Partial Partial None
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.