Mac Os X@10.10.2 Security Vulnerabilities and Issues — Mac Os X@10.10.2 CVE List

Lucene search

AppleMac Os X10.10.2

10 matches found

CVE•added 2014/12/15 6:59 p.m.•673 views

CVE-2014-3583

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

5CVSS8AI score0.19785EPSS

CVE•added 2015/03/30 10:59 a.m.•274 views

CVE-2015-2787

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an ...

7.5CVSS8.1AI score0.87334EPSS

CVE•added 2015/06/09 6:59 p.m.•246 views

CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

7.5CVSS8AI score0.28148EPSS

CVE•added 2014/11/15 8:59 p.m.•149 views

CVE-2014-3707

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

4.3CVSS9.2AI score0.00277EPSS

CVE•added 2015/04/24 2:59 p.m.•129 views

CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

5CVSS7.3AI score0.02575EPSS

CVE•added 2015/04/24 2:59 p.m.•124 views

CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

5CVSS9.1AI score0.01442EPSS

CVE•added 2018/03/12 2:29 a.m.•109 views

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in ti...

8.8CVSS7.6AI score0.00819EPSS

CVE•added 2015/04/24 2:59 p.m.•103 views

CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote cha...

7.5CVSS9.4AI score0.65095EPSS

CVE•added 2018/03/12 2:29 a.m.•84 views

CVE-2014-8130

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated ...

6.5CVSS7.2AI score0.02075EPSS

CVE•added 2015/02/12 4:59 p.m.•66 views

CVE-2015-1546

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

5CVSS6.3AI score0.10383EPSS