| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-9771 | | | | 2020-10-22 | 2020-10-30 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. |
| 2 | CVE-2020-6616 | | | | 2020-05-08 | 2023-01-09 | 3.3 | None | Local Network | Low | Not required | None | Partial | None | Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). |
| 3 | CVE-2020-3835 | 59 | | | 2020-02-27 | 2020-03-03 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. |
| 4 | CVE-2020-3830 | 59 | | | 2020-02-27 | 2020-03-02 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files. |
| 5 | CVE-2019-13057 | | | | 2019-07-26 | 2022-06-13 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) |
| 6 | CVE-2019-8906 | 125 | | | 2019-02-18 | 2021-12-09 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
| 7 | CVE-2016-4652 | 264 | | DoS +Priv +Info | 2016-07-22 | 2017-09-01 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. |
| 8 | CVE-2016-4635 | 200 | | +Info | 2016-07-22 | 2017-09-01 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. |
| 9 | CVE-2015-5884 | 200 | | +Info | 2015-10-09 | 2016-12-08 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. |
| 10 | CVE-2015-5869 | 20 | | | 2015-09-18 | 2016-12-22 | 3.3 | None | Local Network | Low | Not required | None | Partial | None | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
| 11 | CVE-2015-5853 | 200 | | +Info | 2015-10-09 | 2016-12-09 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. |
| 12 | CVE-2015-3787 | 20 | | DoS | 2015-08-16 | 2017-09-21 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. |
| 13 | CVE-2015-3778 | 200 | | +Info | 2015-08-16 | 2016-12-24 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. |
| 14 | CVE-2014-1321 | 264 | | Bypass | 2014-04-23 | 2014-04-24 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. |
| 15 | CVE-2014-1264 | 264 | | Bypass | 2014-02-27 | 2014-03-10 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. |
| 16 | CVE-2014-1257 | 264 | | Bypass | 2014-02-27 | 2014-02-27 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. |
| 17 | CVE-2013-5229 | 254 | | Bypass | 2015-11-14 | 2017-09-14 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. |
| 18 | CVE-2013-5171 | 264 | | Bypass | 2013-10-24 | 2013-10-24 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. |
| 19 | CVE-2013-1031 | 264 | | Bypass | 2013-09-16 | 2013-09-19 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. |
| 20 | CVE-2010-1382 | 79 | | XSS | 2010-06-17 | 2010-06-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. |
| 21 | CVE-2010-1381 | 16 | | | 2010-06-17 | 2010-06-18 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. |
| 22 | CVE-2010-0546 | 59 | | | 2010-06-17 | 2010-06-17 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. |
| 23 | CVE-2009-5044 | 59 | | | 2011-06-24 | 2016-03-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. |
| 24 | CVE-2007-5851 | 264 | | | 2007-12-19 | 2017-07-29 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. |
| 25 | CVE-2006-4393 | | | | 2006-10-03 | 2017-07-20 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. |
| 26 | CVE-2005-1430 | | | | 2005-05-03 | 2008-09-10 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. |
| 27 | CVE-2001-0806 | | | | 2001-12-06 | 2017-10-10 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages. |