IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory.
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.
URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.
An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data.
The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.