| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-4740 |
200 |
|
+Info |
2016-09-18 |
2017-08-12 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. |
|
2 |
CVE-2015-6563 |
20 |
|
|
2015-08-23 |
2018-09-11 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
|
3 |
CVE-2015-3785 |
|
|
Bypass |
2015-10-09 |
2016-12-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. |
|
4 |
CVE-2015-1146 |
310 |
|
Bypass |
2015-04-10 |
2015-09-17 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. |
|
5 |
CVE-2015-1145 |
310 |
|
Bypass |
2015-04-10 |
2015-09-17 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. |
|
6 |
CVE-2015-1114 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. |
|
7 |
CVE-2015-1113 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. |
|
8 |
CVE-2015-1107 |
|
|
|
2015-04-10 |
2017-01-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. |
|
9 |
CVE-2015-1097 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. |
|
10 |
CVE-2015-1096 |
200 |
|
+Info |
2015-04-10 |
2016-12-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. |
|
11 |
CVE-2015-1094 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. |
|
12 |
CVE-2015-1085 |
264 |
|
|
2015-04-10 |
2017-01-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. |
|
13 |
CVE-2015-1064 |
200 |
|
Bypass +Info |
2015-03-12 |
2015-09-11 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. |
|
14 |
CVE-2014-5030 |
59 |
|
|
2014-07-29 |
2017-01-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. |
|
15 |
CVE-2014-5029 |
59 |
|
|
2014-07-29 |
2017-01-06 |
1.5 |
None |
Local |
Medium |
Single system |
Partial |
None |
None |
|
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. |
|
16 |
CVE-2014-4450 |
255 |
|
|
2014-10-22 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. |
|
17 |
CVE-2014-4448 |
310 |
|
+Info |
2014-10-22 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. |
|
18 |
CVE-2014-4447 |
310 |
|
|
2014-10-17 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. |
|
19 |
CVE-2014-4421 |
|
|
+Info |
2014-09-18 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. |
|
20 |
CVE-2014-4420 |
|
|
+Info |
2014-09-18 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. |
|
21 |
CVE-2014-4419 |
|
|
+Info |
2014-09-18 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. |
|
22 |
CVE-2014-4386 |
362 |
|
+Priv |
2014-09-18 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. |
|
23 |
CVE-2014-4384 |
22 |
|
Dir. Trav. |
2014-09-18 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. |
|
24 |
CVE-2014-4371 |
|
|
+Info |
2014-09-18 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. |
|
25 |
CVE-2014-3537 |
59 |
|
|
2014-07-23 |
2017-01-06 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. |
|
26 |
CVE-2014-1352 |
264 |
|
|
2014-07-01 |
2017-01-06 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. |
|
27 |
CVE-2014-1281 |
264 |
|
|
2014-03-14 |
2014-03-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. |
|
28 |
CVE-2013-6891 |
59 |
|
|
2014-01-25 |
2014-03-05 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. |
|
29 |
CVE-2013-5187 |
264 |
|
+Info |
2013-10-23 |
2013-10-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. |
|
30 |
CVE-2013-5169 |
264 |
|
+Info |
2013-10-23 |
2013-10-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. |
|
31 |
CVE-2013-5150 |
200 |
|
+Info |
2013-09-19 |
2014-10-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. |
|
32 |
CVE-2013-0982 |
200 |
|
Bypass +Info |
2013-06-05 |
2013-06-05 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. |
|
33 |
CVE-2013-0979 |
264 |
|
|
2013-03-20 |
2013-03-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. |
|
34 |
CVE-2012-3741 |
287 |
|
Bypass |
2012-09-20 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. |
|
35 |
CVE-2012-3734 |
310 |
|
Bypass |
2012-09-20 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. |
|
36 |
CVE-2012-3729 |
264 |
|
+Info |
2012-09-20 |
2017-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. |
|
37 |
CVE-2012-0645 |
264 |
|
Bypass |
2012-03-08 |
2018-11-29 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. |
|
38 |
CVE-2011-3440 |
264 |
|
|
2011-11-11 |
2011-11-15 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
|
39 |
CVE-2011-1073 |
59 |
|
|
2011-03-04 |
2018-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. |
|
40 |
CVE-2010-1775 |
362 |
|
Bypass |
2010-06-22 |
2017-08-16 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. |
|
41 |
CVE-2009-1707 |
362 |
|
|
2009-06-10 |
2010-12-10 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. |
|
42 |
CVE-2009-0142 |
362 |
|
DoS |
2009-02-12 |
2009-08-19 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." |
|
43 |
CVE-2008-4593 |
200 |
|
+Info |
2008-10-17 |
2017-08-07 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. |
|
44 |
CVE-2008-4230 |
264 |
|
+Info |
2008-11-25 |
2008-12-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. |
|
45 |
CVE-2008-3876 |
264 |
|
Bypass +Info |
2008-09-02 |
2008-09-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. |
|
46 |
CVE-2008-3644 |
200 |
|
+Info |
2008-11-17 |
2012-10-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. |
|
47 |
CVE-2008-2329 |
200 |
|
+Info |
2008-09-16 |
2017-08-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. |
|
48 |
CVE-2008-0996 |
255 |
|
|
2008-03-18 |
2017-08-07 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. |
|
49 |
CVE-2008-0049 |
264 |
|
Exec Code |
2008-03-18 |
2017-08-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. |
|
50 |
CVE-2008-0038 |
264 |
|
Bypass |
2008-02-12 |
2008-09-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. |
