# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-29046 |
79 |
|
XSS |
2022-04-12 |
2022-10-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
2 |
CVE-2022-22652 |
668 |
|
|
2022-03-18 |
2022-03-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. |
3 |
CVE-2022-21658 |
363 |
|
|
2022-01-20 |
2022-10-19 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. |
4 |
CVE-2021-30866 |
|
|
|
2021-08-24 |
2023-01-09 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A device may be passively tracked by its WiFi MAC address. |
5 |
CVE-2021-28544 |
200 |
|
+Info |
2022-04-12 |
2022-12-20 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. |
6 |
CVE-2020-24721 |
|
|
|
2020-09-30 |
2020-10-22 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework. |
7 |
CVE-2020-9771 |
|
|
|
2020-10-22 |
2020-10-30 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. |
8 |
CVE-2020-6616 |
|
|
|
2020-05-08 |
2023-01-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). |
9 |
CVE-2020-3861 |
862 |
|
|
2020-02-27 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system. |
10 |
CVE-2020-3835 |
59 |
|
|
2020-02-27 |
2020-03-03 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. |
11 |
CVE-2020-3830 |
59 |
|
|
2020-02-27 |
2020-03-02 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files. |
12 |
CVE-2019-13057 |
|
|
|
2019-07-26 |
2022-06-13 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) |
13 |
CVE-2019-8906 |
125 |
|
|
2019-02-18 |
2021-12-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
14 |
CVE-2018-4428 |
|
|
|
2020-10-27 |
2020-10-30 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen. |
15 |
CVE-2018-4305 |
20 |
|
|
2019-04-03 |
2019-04-04 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. |
16 |
CVE-2017-18248 |
20 |
|
|
2018-03-26 |
2018-07-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. |
17 |
CVE-2017-7066 |
119 |
|
DoS Overflow Mem. Corr. |
2018-04-03 |
2019-03-08 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11. |
18 |
CVE-2017-2383 |
|
|
|
2017-04-02 |
2017-07-12 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate. |
19 |
CVE-2016-4686 |
264 |
|
|
2017-02-20 |
2017-07-29 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation. |
20 |
CVE-2016-4652 |
264 |
|
DoS +Priv +Info |
2016-07-22 |
2017-09-01 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
None |
Partial |
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. |
21 |
CVE-2016-4635 |
200 |
|
+Info |
2016-07-22 |
2017-09-01 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. |
22 |
CVE-2016-1763 |
20 |
|
+Info |
2016-03-24 |
2016-12-03 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. |
23 |
CVE-2015-5910 |
200 |
|
+Info |
2015-09-18 |
2016-12-22 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. |
24 |
CVE-2015-5884 |
200 |
|
+Info |
2015-10-09 |
2016-12-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. |
25 |
CVE-2015-5869 |
20 |
|
|
2015-09-18 |
2016-12-22 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
26 |
CVE-2015-5853 |
200 |
|
+Info |
2015-10-09 |
2016-12-09 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. |
27 |
CVE-2015-3787 |
20 |
|
DoS |
2015-08-16 |
2017-09-21 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. |
28 |
CVE-2015-3778 |
200 |
|
+Info |
2015-08-16 |
2016-12-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. |
29 |
CVE-2014-4372 |
59 |
|
|
2014-09-18 |
2019-03-08 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. |
30 |
CVE-2014-1353 |
264 |
|
Bypass |
2014-07-01 |
2017-01-07 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. |
31 |
CVE-2014-1351 |
264 |
|
Bypass |
2014-07-01 |
2017-01-07 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. |
32 |
CVE-2014-1321 |
264 |
|
Bypass |
2014-04-23 |
2014-04-24 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. |
33 |
CVE-2014-1264 |
264 |
|
Bypass |
2014-02-27 |
2014-03-10 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. |
34 |
CVE-2014-1257 |
264 |
|
Bypass |
2014-02-27 |
2014-02-27 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. |
35 |
CVE-2013-5229 |
254 |
|
Bypass |
2015-11-14 |
2017-09-14 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. |
36 |
CVE-2013-5171 |
264 |
|
Bypass |
2013-10-24 |
2013-10-24 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. |
37 |
CVE-2013-5164 |
362 |
|
Bypass |
2013-10-24 |
2013-10-24 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. |
38 |
CVE-2013-5160 |
264 |
|
Bypass |
2013-09-28 |
2013-10-07 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. |
39 |
CVE-2013-5147 |
362 |
|
Bypass |
2013-09-19 |
2013-09-27 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. |
40 |
CVE-2013-5144 |
264 |
|
Bypass |
2013-10-24 |
2013-10-24 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. |
41 |
CVE-2013-1031 |
264 |
|
Bypass |
2013-09-16 |
2013-09-19 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. |
42 |
CVE-2013-0964 |
20 |
|
Bypass |
2013-01-29 |
2019-03-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. |
43 |
CVE-2012-3750 |
264 |
|
Bypass |
2012-11-03 |
2017-08-29 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. |
44 |
CVE-2012-3738 |
264 |
|
Bypass +Info |
2012-09-20 |
2013-03-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. |
45 |
CVE-2012-3725 |
200 |
|
+Info |
2012-09-20 |
2017-08-29 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. |
46 |
CVE-2010-3797 |
79 |
|
XSS |
2010-11-16 |
2010-12-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
47 |
CVE-2010-1382 |
79 |
|
XSS |
2010-06-17 |
2010-06-18 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. |
48 |
CVE-2010-1381 |
16 |
|
|
2010-06-17 |
2010-06-18 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. |
49 |
CVE-2010-0546 |
59 |
|
|
2010-06-17 |
2010-06-17 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. |
50 |
CVE-2009-5044 |
59 |
|
|
2011-06-24 |
2016-03-30 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. |