A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted website may leak sensitive data.
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.
A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply.
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.
NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events.
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets.
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.
This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.
This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to read kernel memory.