Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4433 | 0.00 | — | 0.01 | Oct 18, 2014 | Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. | |||
| CVE-2014-4432 | 0.00 | — | 0.00 | Oct 18, 2014 | fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | |||
| CVE-2014-4431 | 0.00 | — | 0.00 | Oct 18, 2014 | Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | |||
| CVE-2014-4430 | 0.00 | — | 0.00 | Oct 18, 2014 | CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. | |||
| CVE-2014-4428 | 0.00 | — | 0.01 | Oct 18, 2014 | Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. | |||
| CVE-2014-4427 | 0.00 | — | 0.01 | Oct 18, 2014 | App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | |||
| CVE-2014-4426 | 0.00 | — | 0.01 | Oct 18, 2014 | AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | |||
| CVE-2014-4425 | 0.00 | — | 0.00 | Oct 18, 2014 | CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | |||
| CVE-2014-4417 | 0.00 | — | 0.02 | Oct 18, 2014 | Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. | |||
| CVE-2014-4391 | 0.00 | — | 0.03 | Oct 18, 2014 | The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource. | |||
| CVE-2014-4351 | 0.00 | — | 0.04 | Oct 18, 2014 | Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. | |||
| CVE-2014-7185 | 0.00 | — | 0.05 | Oct 8, 2014 | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | |||
| CVE-2014-3565 | 0.00 | — | 0.05 | Oct 7, 2014 | snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a… | |||
| CVE-2014-7861 | 0.00 | — | 0.02 | Oct 5, 2014 | The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. | |||
| CVE-2014-4416 | 0.00 | — | 0.00 | Sep 19, 2014 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability… | |||
| CVE-2014-4403 | 0.00 | — | 0.00 | Sep 19, 2014 | The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | |||
| CVE-2014-4402 | 0.00 | — | 0.03 | Sep 19, 2014 | An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||
| CVE-2014-4401 | 0.00 | — | 0.00 | Sep 19, 2014 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability… | |||
| CVE-2014-4400 | 0.00 | — | 0.00 | Sep 19, 2014 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability… | |||
| CVE-2014-4399 | 0.00 | — | 0.00 | Sep 19, 2014 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability… |
- CVE-2014-4433Oct 18, 2014risk 0.00cvss —epss 0.01
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
- CVE-2014-4432Oct 18, 2014risk 0.00cvss —epss 0.00
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.
- CVE-2014-4431Oct 18, 2014risk 0.00cvss —epss 0.00
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
- CVE-2014-4430Oct 18, 2014risk 0.00cvss —epss 0.00
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.
- CVE-2014-4428Oct 18, 2014risk 0.00cvss —epss 0.01
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.
- CVE-2014-4427Oct 18, 2014risk 0.00cvss —epss 0.01
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
- CVE-2014-4426Oct 18, 2014risk 0.00cvss —epss 0.01
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
- CVE-2014-4425Oct 18, 2014risk 0.00cvss —epss 0.00
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.
- CVE-2014-4417Oct 18, 2014risk 0.00cvss —epss 0.02
Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.
- CVE-2014-4391Oct 18, 2014risk 0.00cvss —epss 0.03
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.
- CVE-2014-4351Oct 18, 2014risk 0.00cvss —epss 0.04
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
- CVE-2014-7185Oct 8, 2014risk 0.00cvss —epss 0.05
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
- CVE-2014-3565Oct 7, 2014risk 0.00cvss —epss 0.05
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a…
- CVE-2014-7861Oct 5, 2014risk 0.00cvss —epss 0.02
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.
- CVE-2014-4416Sep 19, 2014risk 0.00cvss —epss 0.00
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…
- CVE-2014-4403Sep 19, 2014risk 0.00cvss —epss 0.00
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.
- CVE-2014-4402Sep 19, 2014risk 0.00cvss —epss 0.03
An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
- CVE-2014-4401Sep 19, 2014risk 0.00cvss —epss 0.00
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…
- CVE-2014-4400Sep 19, 2014risk 0.00cvss —epss 0.00
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…
- CVE-2014-4399Sep 19, 2014risk 0.00cvss —epss 0.00
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…
Page 61 of 105