CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1858 200 +Info 2016-05-20 2016-05-23
4.3
None Remote Medium Not required Partial None None
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
2 CVE-2016-1853 200 +Info 2016-05-20 2016-05-23
5.0
None Remote Low Not required Partial None None
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
3 CVE-2016-1852 200 +Info 2016-05-20 2016-05-23
2.1
None Local Low Not required Partial None None
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
4 CVE-2016-1849 200 +Info 2016-05-20 2016-05-23
2.1
None Local Low Not required Partial None None
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
5 CVE-2016-1843 20 +Info 2016-05-20 2016-05-20
5.0
None Remote Low Not required Partial None None
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
6 CVE-2016-1842 284 +Info 2016-05-20 2016-05-20
5.0
None Remote Low Not required Partial None None
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
7 CVE-2016-1807 362 +Info 2016-05-20 2016-05-20
2.6
None Remote High Not required Partial None None
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
8 CVE-2016-1802 200 +Info 2016-05-20 2016-05-20
4.3
None Remote Medium Not required Partial None None
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
9 CVE-2016-1801 200 +Info 2016-05-20 2016-05-20
5.0
None Remote Low Not required Partial None None
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
10 CVE-2016-1796 200 DoS +Info 2016-05-20 2016-05-20
4.3
None Remote Medium Not required Partial None None
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.
11 CVE-2016-1791 200 +Info 2016-05-20 2016-05-20
4.3
None Remote Medium Not required Partial None None
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
12 CVE-2016-1790 119 Overflow +Info 2016-05-20 2016-05-20
4.3
None Remote Medium Not required Partial None None
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
13 CVE-2016-1787 200 +Info 2016-03-23 2016-03-25
5.0
None Remote Low Not required Partial None None
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
14 CVE-2016-1786 200 Bypass +Info 2016-03-23 2016-03-25
5.8
None Remote Medium Not required Partial Partial None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
15 CVE-2016-1785 200 Bypass +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
16 CVE-2016-1780 200 +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
17 CVE-2016-1779 200 Bypass +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
18 CVE-2016-1776 284 +Info 2016-03-23 2016-03-25
5.0
None Remote Low Not required Partial None None
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.
19 CVE-2016-1774 284 +Info 2016-03-23 2016-03-25
5.0
None Remote Low Not required Partial None None
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
20 CVE-2016-1772 200 +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
21 CVE-2016-1764 200 +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
22 CVE-2016-1763 20 +Info 2016-03-23 2016-03-25
3.5
None Remote Medium Single system Partial None None
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
23 CVE-2016-1758 119 DoS Overflow +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
24 CVE-2016-1748 200 +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
25 CVE-2016-1732 119 DoS Overflow +Info 2016-03-23 2016-03-28
2.1
None Local Low Not required Partial None None
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
26 CVE-2016-1728 200 +Info 2016-02-01 2016-02-16
4.3
None Remote Medium Not required Partial None None
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
27 CVE-2016-1208 200 +Info 2016-05-14 2016-05-19
5.0
None Remote Low Not required Partial None None
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
28 CVE-2016-0777 200 +Info 2016-01-14 2016-04-11
4.0
None Remote Low Single system Partial None None
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
29 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2016-04-01
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
30 CVE-2015-7761 200 +Info 2015-10-09 2015-10-09
5.0
None Remote Low Not required Partial None None
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
31 CVE-2015-7499 119 Overflow +Info 2015-12-15 2016-05-19
5.0
None Remote Low Not required Partial None None
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
32 CVE-2015-7116 119 DoS Overflow Mem. Corr. +Info 2016-01-09 2016-01-11
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.
33 CVE-2015-7115 119 DoS Overflow Mem. Corr. +Info 2016-01-09 2016-01-11
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
34 CVE-2015-7080 200 Bypass +Info 2015-12-11 2015-12-11
2.1
None Local Low Not required Partial None None
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
35 CVE-2015-7058 200 +Info 2015-12-11 2015-12-11
4.3
None Remote Medium Not required Partial None None
Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
36 CVE-2015-7056 200 +Info 2015-12-11 2015-12-11
5.0
None Remote Low Not required Partial None None
IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern.
37 CVE-2015-7050 200 +Info 2015-12-11 2015-12-11
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
38 CVE-2015-7046 200 Bypass +Info 2015-12-11 2015-12-11
2.6
None Remote High Not required Partial None None
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
39 CVE-2015-7022 200 +Info 2015-10-23 2015-10-23
4.3
None Remote Medium Not required Partial None None
The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
40 CVE-2015-7020 119 DoS Overflow +Info 2015-10-23 2015-10-26
5.6
None Local Low Not required Partial None Complete
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019.
41 CVE-2015-7019 119 DoS Overflow +Info 2015-10-23 2015-10-26
5.6
None Local Low Not required Partial None Complete
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.
42 CVE-2015-7000 200 +Info 2015-10-23 2015-10-23
2.1
None Local Low Not required Partial None None
Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.
43 CVE-2015-5923 200 +Info 2015-10-09 2015-10-09
2.1
None Local Low Not required Partial None None
Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.
44 CVE-2015-5921 200 +Info 2015-09-18 2015-09-18
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
45 CVE-2015-5916 200 +Info 2015-09-18 2015-10-28
4.3
None Remote Medium Not required Partial None None
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.
46 CVE-2015-5910 200 +Info 2015-09-18 2015-09-22
3.3
None Local Network Low Not required Partial None None
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
47 CVE-2015-5909 200 +Info 2015-09-18 2015-09-22
5.0
None Remote Low Not required Partial None None
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.
48 CVE-2015-5906 200 +Info 2015-09-18 2015-09-18
5.0
None Remote Low Not required Partial None None
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.
49 CVE-2015-5901 200 +Info 2015-10-09 2015-10-09
2.1
None Local Low Not required Partial None None
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
50 CVE-2015-5898 200 +Info 2015-09-18 2015-10-09
2.1
None Local Low Not required Partial None None
CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
Total number of vulnerabilities : 347   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.