Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
2.6
EPSS Score
0.17%
Published
2013-10-24
Updated
2013-10-24
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Max CVSS
1.9
EPSS Score
0.14%
Published
2013-09-19
Updated
2014-10-24
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-09-19
Updated
2013-10-31
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
Max CVSS
4.3
EPSS Score
0.18%
Published
2013-10-24
Updated
2018-10-30
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files.
Max CVSS
5.0
EPSS Score
0.07%
Published
2013-10-24
Updated
2013-10-24
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-06-05
Updated
2013-10-11
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-09-16
Updated
2013-09-18
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
Max CVSS
1.7
EPSS Score
0.04%
Published
2013-06-05
Updated
2013-06-05
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-03-20
Updated
2019-09-26
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!