Mac Os X Security Vulnerabilities and Issues — Page 2 of Mac Os X CVE List

Lucene search

AppleMac Os X

153 matches found

CVE•added 2014/09/18 10:55 a.m.•57 views

CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

5.8CVSS5.8AI score0.0208EPSS

CVE•added 2014/12/10 9:59 p.m.•57 views

CVE-2014-8452

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6.5AI score0.10317EPSS

CVE•added 2014/02/27 1:55 a.m.•56 views

CVE-2014-1263

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a...

4.3CVSS5.3AI score0.05846EPSS

CVE•added 2014/12/10 9:59 p.m.•56 views

CVE-2014-8456

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE...

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/09/18 10:55 a.m.•55 views

CVE-2014-4381

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.

9.3CVSS7AI score0.01741EPSS

CVE•added 2014/12/10 9:59 p.m.•55 views

CVE-2014-9159

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.

10CVSS7.9AI score0.36278EPSS

CVE•added 2014/02/27 1:55 a.m.•54 views

CVE-2014-1269

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2014/09/18 10:55 a.m.•54 views

CVE-2014-4408

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

6.9CVSS7.5AI score0.00044EPSS

CVE•added 2014/09/18 10:55 a.m.•54 views

CVE-2014-4412

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS

CVE•added 2014/09/18 10:55 a.m.•54 views

CVE-2014-4421

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/11/18 11:59 a.m.•54 views

CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

2.1CVSS2.8AI score0.00072EPSS

CVE•added 2014/02/27 1:55 a.m.•53 views

CVE-2014-1254

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

6.8CVSS7.6AI score0.01256EPSS

CVE•added 2014/09/18 10:55 a.m.•52 views

CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

7.8CVSS7.3AI score0.00054EPSS

CVE•added 2014/09/19 10:55 a.m.•52 views

CVE-2014-4396

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CV...

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/11/18 11:59 a.m.•52 views

CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.00782EPSS

CVE•added 2014/12/10 9:59 p.m.•52 views

CVE-2014-8453

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

5CVSS6.6AI score0.10853EPSS

CVE•added 2014/02/27 1:55 a.m.•51 views

CVE-2014-1264

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.

3.3CVSS6.6AI score0.00054EPSS

CVE•added 2014/04/23 11:52 a.m.•51 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connect...

4.3CVSS5.9AI score0.00207EPSS

CVE•added 2014/07/01 10:17 a.m.•51 views

CVE-2014-1357

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.

10CVSS7.3AI score0.03252EPSS

CVE•added 2014/09/19 10:55 a.m.•51 views

CVE-2014-4395

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/09/18 10:55 a.m.•51 views

CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

4.3CVSS3.7AI score0.00215EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8447

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8449

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.39126EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8454

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165.

10CVSS7.4AI score0.2145EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8459

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-9165

10CVSS7.4AI score0.2145EPSS

CVE•added 2014/04/23 11:52 a.m.•50 views

CVE-2014-1295

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive informat...

6.8CVSS5AI score0.00144EPSS

CVE•added 2014/04/23 11:52 a.m.•50 views

CVE-2014-1320

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

4.9CVSS5.5AI score0.00062EPSS

CVE•added 2014/07/01 10:17 a.m.•50 views

CVE-2014-1358

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

10CVSS7.2AI score0.03185EPSS

CVE•added 2014/07/01 10:17 a.m.•50 views

CVE-2014-1379

Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.

10CVSS6.5AI score0.00499EPSS

CVE•added 2014/09/19 10:55 a.m.•50 views

CVE-2014-4399

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/09/19 10:55 a.m.•50 views

CVE-2014-4400

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/09/19 10:55 a.m.•50 views

CVE-2014-4401

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4410

6.8CVSS7.8AI score0.01114EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4419

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/04/23 11:52 a.m.•49 views

CVE-2014-1322

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

4.9CVSS5.8AI score0.00144EPSS

CVE•added 2014/07/01 10:17 a.m.•49 views

CVE-2014-1359

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

10CVSS6.9AI score0.01536EPSS

CVE•added 2014/09/18 10:55 a.m.•49 views

CVE-2014-4373

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

7.8CVSS5.1AI score0.00191EPSS

CVE•added 2014/02/27 1:55 a.m.•48 views

CVE-2014-1258

Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.

6.8CVSS8.1AI score0.01323EPSS

CVE•added 2014/07/01 10:17 a.m.•48 views

CVE-2014-1373

Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.

10CVSS7.1AI score0.01478EPSS

CVE•added 2014/09/18 10:55 a.m.•48 views

CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

7.1CVSS6.3AI score0.01872EPSS

CVE•added 2014/09/19 10:55 a.m.•48 views

CVE-2014-4393

Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.

10CVSS7.9AI score0.06092EPSS

CVE•added 2014/09/19 10:55 a.m.•48 views

CVE-2014-4397

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/09/19 10:55 a.m.•48 views

CVE-2014-4403

The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.

2.1CVSS6.4AI score0.00071EPSS

CVE•added 2014/09/18 10:55 a.m.•48 views

CVE-2014-4411

6.8CVSS7.8AI score0.01114EPSS

CVE•added 2014/12/10 9:59 p.m.•48 views

CVE-2014-8458

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/02/27 1:55 a.m.•47 views

CVE-2014-1259

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

6.8CVSS7.7AI score0.00697EPSS

CVE•added 2014/02/27 1:55 a.m.•47 views

CVE-2014-1261

Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.

7.5CVSS7.5AI score0.01341EPSS

CVE•added 2014/04/23 11:52 a.m.•47 views

CVE-2014-1321

Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.

3.3CVSS6.1AI score0.00062EPSS

CVE•added 2014/12/10 9:59 p.m.•47 views

CVE-2014-8455

10CVSS7.4AI score0.2145EPSS

Total number of security vulnerabilities153