National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): apple ios passcode
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 32 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-19937

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

Published: December 31, 2018; 11:29:00 AM -05:00
V3: 6.6 MEDIUM
V2: 4.6 MEDIUM
CVE-2017-2399

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).

Published: April 01, 2017; 09:59:00 PM -04:00
V3: 4.6 MEDIUM
V2: 2.1 LOW
CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.

Published: February 20, 2017; 03:59:01 AM -05:00
V3: 6.8 MEDIUM
V2: 4.6 MEDIUM
CVE-2015-5850

AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.

Published: September 18, 2015; 07:00:03 AM -04:00
V2: 2.1 LOW
CVE-2015-1108

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

Published: April 10, 2015; 10:59:23 AM -04:00
V2: 2.1 LOW
CVE-2015-1107

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

Published: April 10, 2015; 10:59:22 AM -04:00
V2: 1.9 LOW
CVE-2015-1106

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

Published: April 10, 2015; 10:59:21 AM -04:00
V2: 2.1 LOW
CVE-2015-1085

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

Published: April 10, 2015; 10:59:01 AM -04:00
V2: 1.9 LOW
CVE-2014-4451

Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.

Published: November 18, 2014; 06:59:00 AM -05:00
V2: 7.2 HIGH
CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

Published: July 01, 2014; 06:17:26 AM -04:00
V2: 1.9 LOW
CVE-2014-1351

Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.

Published: July 01, 2014; 06:17:26 AM -04:00
V2: 3.6 LOW
CVE-2013-5162

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

Published: October 23, 2013; 11:48:48 PM -04:00
V2: 2.1 LOW
CVE-2013-5144

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.

Published: October 23, 2013; 11:48:48 PM -04:00
V2: 3.3 LOW
CVE-2013-5161

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.

Published: September 27, 2013; 11:40:55 PM -04:00
V2: 4.4 MEDIUM
CVE-2013-5160

Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.

Published: September 27, 2013; 11:40:55 PM -04:00
V2: 3.3 LOW
CVE-2013-5147

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.

Published: September 19, 2013; 06:28:00 AM -04:00
V2: 3.7 LOW
CVE-2013-0957

Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.

Published: September 19, 2013; 06:27:55 AM -04:00
V2: 5.8 MEDIUM
CVE-2013-0980

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

Published: March 20, 2013; 10:55:04 AM -04:00
V2: 2.1 LOW
CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

Published: November 03, 2012; 01:55:01 PM -04:00
V2: 3.6 LOW
CVE-2012-3740

The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

Published: September 20, 2012; 05:55:04 PM -04:00
V2: 2.1 LOW