VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2014-8821Jan 30, 2015
    risk 0.00cvss epss 0.00

    The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.

  • CVE-2014-8820Jan 30, 2015
    risk 0.00cvss epss 0.00

    The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.

  • CVE-2014-8819Jan 30, 2015
    risk 0.00cvss epss 0.00

    The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.

  • CVE-2014-8817Jan 30, 2015
    risk 0.00cvss epss 0.03

    coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of…

  • CVE-2014-8816Jan 30, 2015
    risk 0.00cvss epss 0.02

    CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.

  • CVE-2014-4499Jan 30, 2015
    risk 0.00cvss epss 0.00

    The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

  • CVE-2014-4498Jan 30, 2015
    risk 0.00cvss epss 0.00

    The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.

  • CVE-2014-4497Jan 30, 2015
    risk 0.00cvss epss 0.02

    Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.

  • CVE-2014-4495Jan 30, 2015
    risk 0.00cvss epss 0.03

    The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

  • CVE-2014-4491Jan 30, 2015
    risk 0.00cvss epss 0.02

    The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism…

  • CVE-2014-4489Jan 30, 2015
    risk 0.00cvss epss 0.03

    IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted…

  • CVE-2014-4488Jan 30, 2015
    risk 0.00cvss epss 0.03

    IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2014-4487Jan 30, 2015
    risk 0.00cvss epss 0.04

    Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2014-4486Jan 30, 2015
    risk 0.00cvss epss 0.03

    IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference)…

  • CVE-2014-4485Jan 30, 2015
    risk 0.00cvss epss 0.04

    Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

  • CVE-2014-4484Jan 30, 2015
    risk 0.00cvss epss 0.04

    FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

  • CVE-2014-4483Jan 30, 2015
    risk 0.00cvss epss 0.04

    Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

  • CVE-2014-4481Jan 30, 2015
    risk 0.00cvss epss 0.06

    Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2014-8151Jan 15, 2015
    risk 0.00cvss epss 0.01

    The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows…

  • CVE-2014-9425Dec 31, 2014
    risk 0.00cvss epss 0.04

    Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Page 59 of 105