Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

10 matches found

CVE•added 2014/11/04 4:55 p.m.•186 views

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a va...

5CVSS5.9AI score0.04812EPSS

CVE•added 2014/11/18 3:59 p.m.•184 views

CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

5CVSS9.3AI score0.01343EPSS

CVE•added 2014/11/15 8:59 p.m.•149 views

CVE-2014-3707

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

4.3CVSS9.2AI score0.00277EPSS

CVE•added 2014/11/18 3:59 p.m.•103 views

CVE-2014-3620

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

5CVSS7.1AI score0.01666EPSS

CVE•added 2014/11/17 4:59 p.m.•77 views

CVE-2014-8517

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

7.5CVSS4.7AI score0.8518EPSS

CVE•added 2014/11/18 11:59 a.m.•63 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8CVSS7.1AI score0.02966EPSS

CVE•added 2014/11/18 11:59 a.m.•54 views

CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

2.1CVSS2.8AI score0.00072EPSS

CVE•added 2014/11/18 11:59 a.m.•52 views

CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.00782EPSS

CVE•added 2014/11/18 11:59 a.m.•45 views

CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

9.3CVSS4.2AI score0.0186EPSS

CVE•added 2014/11/18 11:59 a.m.•41 views

CVE-2014-4458

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.0056EPSS