VARIoT IoT vulnerabilities database

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. Apple Safari is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit Plug-ins is one of the open source web browser engine components. There is a security vulnerability in the API of the WebKit Plug-ins component of Apple Safari 8.0.8 and earlier versions. The vulnerability stems from the fact that the program does not provide notification of the HTTP Redirection status code to the plug-in

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. IOGraphics is one of the input and output graphics components

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. IOGraphics is one of the input and output graphics components

The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Kernel is one of the kernel components

IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. IOHIDFamily is one of the kernel extensions (Abstract Interface for Human Interface Devices) component

IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. IOGraphics is one of the input and output graphics components

IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. IOAudioFamily is one of the input and output audio components

The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Time Machine is one of the backup components

AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. AirScan is one of the wireless network scanning tool components

The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. AppleEvents is one of the live video components. The vulnerability stems from the fact that the program does not properly restrict sending events to other users

The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. This vulnerability CVE-2015-5877 Is a different vulnerability.Authorized by local user or service disruption ( Memory corruption ) There is a possibility of being put into a state. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Intel Graphics Driver is one of the graphics card drivers

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAn attacker who has physical control of the terminal could gain access by visiting an unattended workstation. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Login Window is one of the login window components. The vulnerability stems from the fact that the program does not ensure that the screen is locked for a predetermined period of time

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. tnftpd (formerly lukemftpd) is a port of the NetBSD FTP server for other systems that provides functional enhancements to the traditional BSD ftpd

Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlIt may be subject to unspecified effects and attacks. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. An attacker could exploit this vulnerability to incorrectly display the keychain's locked state to the user

Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Heimdal is a Kerberos 5 implementation

The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. This vulnerability "Thunderstrike" Is called a problem. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. EFI is one of the firmware upgrade interface components

The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. Apple OS X The kernel's debug function has a fault in status management, which could interfere with service operation. (DoS) There are vulnerabilities that are put into a state.Service disruption by local users (DoS) There is a possibility of being put into a state. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Kernel is one of the kernel components. A local attacker could exploit this vulnerability to cause a denial of service

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Finder is one of the components that finds, displays and organizes all files and folders. The vulnerability stems from the fact that the program does not delete Trash files correctly. A local attacker could exploit this vulnerability to obtain sensitive information by reading the storage medium

The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. EFI is one of the firmware upgrade interface components

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Address Book is one of the address book or contact frameworks