Apple Mac OS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2001-12-06 | Updated: 2017-10-10
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2005-05-03 | Updated: 2008-09-10
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
Max CVSS: 3.7 | EPSS Score: 0.04% | Published: 2005-06-08 | Updated: 2008-09-05
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
Max CVSS: 3.7 | EPSS Score: 0.04% | Published: 2006-10-03 | Updated: 2017-07-20
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
Max CVSS: 3.6 | EPSS Score: 0.49% | Published: 2007-12-19 | Updated: 2017-07-29
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
Max CVSS: 3.6 | EPSS Score: 0.06% | Published: 2008-11-25 | Updated: 2022-08-09
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
Max CVSS: 3.7 | EPSS Score: 0.06% | Published: 2008-11-25 | Updated: 2022-08-09
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2011-06-24 | Updated: 2016-03-30
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2010-06-17 | Updated: 2010-06-17
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.
Max CVSS: 3.5 | EPSS Score: 0.21% | Published: 2010-06-17 | Updated: 2010-06-18
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
Max CVSS: 3.5 | EPSS Score: 0.26% | Published: 2010-06-17 | Updated: 2010-06-18
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
Max CVSS: 3.5 | EPSS Score: 0.09% | Published: 2010-09-09 | Updated: 2022-08-09
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 3.5 | EPSS Score: 0.12% | Published: 2010-11-16 | Updated: 2010-12-10
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets.
Max CVSS: 3.3 | EPSS Score: 0.25% | Published: 2012-09-20 | Updated: 2017-08-29
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.
Max CVSS: 3.6 | EPSS Score: 0.05% | Published: 2012-09-20 | Updated: 2013-03-26
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
Max CVSS: 3.6 | EPSS Score: 0.06% | Published: 2012-11-03 | Updated: 2017-08-29
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2013-01-29 | Updated: 2019-03-08
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
Max CVSS: 3.3 | EPSS Score: 0.06% | Published: 2013-09-16 | Updated: 2013-09-19
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
Max CVSS: 3.3 | EPSS Score: 0.06% | Published: 2013-10-24 | Updated: 2013-10-24
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
Max CVSS: 3.7 | EPSS Score: 0.06% | Published: 2013-09-19 | Updated: 2013-09-27
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
Max CVSS: 3.3 | EPSS Score: 0.06% | Published: 2013-09-28 | Updated: 2013-10-07
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2013-10-24 | Updated: 2013-10-24
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2013-10-24 | Updated: 2013-10-24
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
Max CVSS: 3.7 | EPSS Score: 0.16% | Published: 2015-11-14 | Updated: 2017-09-14
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2014-02-27 | Updated: 2014-02-27
115 vulnerabilities found