VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2014-4433Oct 18, 2014
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.

  • CVE-2014-4432Oct 18, 2014
    risk 0.00cvss epss 0.00

    fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.

  • CVE-2014-4431Oct 18, 2014
    risk 0.00cvss epss 0.00

    Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.

  • CVE-2014-4430Oct 18, 2014
    risk 0.00cvss epss 0.00

    CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.

  • CVE-2014-4428Oct 18, 2014
    risk 0.00cvss epss 0.01

    Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.

  • CVE-2014-4427Oct 18, 2014
    risk 0.00cvss epss 0.01

    App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.

  • CVE-2014-4426Oct 18, 2014
    risk 0.00cvss epss 0.01

    AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.

  • CVE-2014-4425Oct 18, 2014
    risk 0.00cvss epss 0.00

    CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

  • CVE-2014-4417Oct 18, 2014
    risk 0.00cvss epss 0.02

    Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.

  • CVE-2014-4391Oct 18, 2014
    risk 0.00cvss epss 0.03

    The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.

  • CVE-2014-4351Oct 18, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.

  • CVE-2014-7185Oct 8, 2014
    risk 0.00cvss epss 0.05

    Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

  • CVE-2014-3565Oct 7, 2014
    risk 0.00cvss epss 0.05

    snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a…

  • CVE-2014-7861Oct 5, 2014
    risk 0.00cvss epss 0.02

    The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.

  • CVE-2014-4416Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4403Sep 19, 2014
    risk 0.00cvss epss 0.00

    The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.

  • CVE-2014-4402Sep 19, 2014
    risk 0.00cvss epss 0.03

    An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

  • CVE-2014-4401Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4400Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4399Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

Page 61 of 105