CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3058 200 +Info 2015-05-13 2015-05-14
5.0
None Remote Low Not required Partial None None
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors.
2 CVE-2015-1148 200 +Info 2015-04-10 2015-04-29
5.0
None Remote Low Not required Partial None None
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
3 CVE-2015-1147 200 +Info 2015-04-10 2015-04-29
5.0
None Remote Low Not required Partial None None
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
4 CVE-2015-1128 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.
5 CVE-2015-1127 200 +Info 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
6 CVE-2015-1116 200 +Info 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
7 CVE-2015-1114 200 +Info 2015-04-10 2015-04-14
1.9
None Local Medium Not required Partial None None
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
8 CVE-2015-1113 200 +Info 2015-04-10 2015-04-14
1.9
None Local Medium Not required Partial None None
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
9 CVE-2015-1112 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
10 CVE-2015-1111 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
11 CVE-2015-1110 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
12 CVE-2015-1109 200 +Info 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
13 CVE-2015-1108 200 +Info 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
14 CVE-2015-1106 200 +Info 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
15 CVE-2015-1103 20 DoS +Info 2015-04-10 2015-04-14
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
16 CVE-2015-1100 119 DoS Overflow +Info 2015-04-10 2015-06-03
5.4
None Local Medium Not required Partial None Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
17 CVE-2015-1097 200 +Info 2015-04-10 2015-04-14
1.9
None Local Medium Not required Partial None None
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
18 CVE-2015-1096 200 +Info 2015-04-10 2015-04-14
1.9
None Local Medium Not required Partial None None
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
19 CVE-2015-1094 200 +Info 2015-04-10 2015-04-14
1.9
None Local Medium Not required Partial None None
IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
20 CVE-2015-1091 200 Bypass +Info 2015-04-10 2015-04-14
4.3
None Remote Medium Not required Partial None None
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
21 CVE-2015-1090 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
22 CVE-2015-1089 200 Bypass +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
23 CVE-2015-1064 200 Bypass +Info 2015-03-12 2015-03-17
1.9
None Local Medium Not required Partial None None
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
24 CVE-2014-8839 200 +Info 2015-01-30 2015-02-05
5.0
None Remote Low Not required Partial None None
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.
25 CVE-2014-8834 200 +Info 2015-01-30 2015-02-18
2.1
None Local Low Not required Partial None None
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
26 CVE-2014-8832 200 +Info 2015-01-30 2015-02-18
4.9
None Local Low Not required Complete None None
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
27 CVE-2014-8827 284 +Info 2015-01-30 2015-02-18
2.1
None Local Low Not required Partial None None
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
28 CVE-2014-8452 200 +Info 2014-12-10 2014-12-11
5.0
None Remote Low Not required Partial None None
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
29 CVE-2014-8451 200 +Info 2014-12-10 2014-12-11
5.0
None Remote Low Not required Partial None None
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448.
30 CVE-2014-8448 200 +Info 2014-12-10 2014-12-11
5.0
None Remote Low Not required Partial None None
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
31 CVE-2014-5031 264 +Info 2014-07-29 2015-04-14
5.0
None Remote Low Not required Partial None None
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
32 CVE-2014-4499 200 +Info 2015-01-30 2015-02-18
2.1
None Local Low Not required Partial None None
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.
33 CVE-2014-4491 200 Bypass +Info 2015-01-30 2015-02-18
5.0
None Remote Low Not required Partial None None
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
34 CVE-2014-4460 200 +Info 2014-11-18 2015-02-09
2.1
None Local Low Not required Partial None None
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
35 CVE-2014-4458 200 +Info 2014-11-18 2014-12-23
5.0
None Remote Low Not required Partial None None
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
36 CVE-2014-4453 200 +Info 2014-11-18 2014-12-23
5.0
None Remote Low Not required Partial None None
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
37 CVE-2014-4449 310 +Info 2014-10-22 2014-10-31
6.8
None Remote Medium Not required Partial Partial Partial
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
38 CVE-2014-4448 310 +Info 2014-10-22 2014-10-28
1.9
None Local Medium Not required Partial None None
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
39 CVE-2014-4440 16 +Info 2014-10-17 2014-10-31
2.6
None Remote High Not required Partial None None
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.
40 CVE-2014-4439 200 +Info 2014-10-17 2014-10-31
2.6
None Remote High Not required Partial None None
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.
41 CVE-2014-4426 200 +Info 2014-10-17 2015-02-06
4.3
None Remote Medium Not required Partial None None
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
42 CVE-2014-4421 +Info 2014-09-18 2015-01-30
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
43 CVE-2014-4420 +Info 2014-09-18 2015-01-30
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
44 CVE-2014-4419 +Info 2014-09-18 2015-01-30
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
45 CVE-2014-4409 200 +Info 2014-09-18 2014-09-28
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
46 CVE-2014-4407 +Info 2014-09-18 2014-10-24
4.3
None Remote Medium Not required Partial None None
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
47 CVE-2014-4403 200 Bypass +Info 2014-09-19 2014-09-19
2.1
None Local Low Not required Partial None None
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.
48 CVE-2014-4378 119 DoS Overflow +Info 2014-09-18 2014-09-23
5.8
None Remote Medium Not required Partial None Partial
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
49 CVE-2014-4371 +Info 2014-09-18 2015-01-30
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
50 CVE-2014-4366 255 +Info 2014-09-18 2014-09-18
5.0
None Remote Low Not required Partial None None
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Total number of vulnerabilities : 240   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.