Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1268 | 0.00 | — | 0.02 | Feb 27, 2014 | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270. | |||
| CVE-2014-1265 | 0.00 | — | 0.00 | Feb 27, 2014 | The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||
| CVE-2014-1264 | 0.00 | — | 0.00 | Feb 27, 2014 | Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. | |||
| CVE-2014-1263 | 0.00 | — | 0.03 | Feb 27, 2014 | curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509… | |||
| CVE-2014-1262 | 0.00 | — | 0.02 | Feb 27, 2014 | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. | |||
| CVE-2014-1261 | 0.00 | — | 0.03 | Feb 27, 2014 | Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||
| CVE-2014-1260 | 0.00 | — | 0.02 | Feb 27, 2014 | QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. | |||
| CVE-2014-1259 | 0.00 | — | 0.02 | Feb 27, 2014 | Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. | |||
| CVE-2014-1258 | 0.00 | — | 0.02 | Feb 27, 2014 | Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | |||
| CVE-2014-1257 | 0.00 | — | 0.00 | Feb 27, 2014 | CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||
| CVE-2014-1256 | 0.00 | — | 0.01 | Feb 27, 2014 | Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||
| CVE-2014-1255 | 0.00 | — | 0.02 | Feb 27, 2014 | Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||
| CVE-2014-1254 | 0.00 | — | 0.02 | Feb 27, 2014 | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | |||
| CVE-2014-1252 | 0.00 | — | 0.04 | Jan 24, 2014 | Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | |||
| CVE-2013-5987 | 0.00 | — | 0.00 | Jan 21, 2014 | Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | |||
| CVE-2013-7127 | 0.00 | — | 0.00 | Dec 17, 2013 | Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. | |||
| CVE-2013-6712 | 0.00 | — | 0.05 | Nov 28, 2013 | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. | |||
| CVE-2013-5192 | 0.00 | — | 0.00 | Oct 24, 2013 | The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | |||
| CVE-2013-5191 | 0.00 | — | 0.00 | Oct 24, 2013 | The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | |||
| CVE-2013-5190 | 0.00 | — | 0.01 | Oct 24, 2013 | Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. |
- CVE-2014-1268Feb 27, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
- CVE-2014-1265Feb 27, 2014risk 0.00cvss —epss 0.00
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
- CVE-2014-1264Feb 27, 2014risk 0.00cvss —epss 0.00
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
- CVE-2014-1263Feb 27, 2014risk 0.00cvss —epss 0.03
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…
- CVE-2014-1262Feb 27, 2014risk 0.00cvss —epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.
- CVE-2014-1261Feb 27, 2014risk 0.00cvss —epss 0.03
Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.
- CVE-2014-1260Feb 27, 2014risk 0.00cvss —epss 0.02
QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
- CVE-2014-1259Feb 27, 2014risk 0.00cvss —epss 0.02
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
- CVE-2014-1258Feb 27, 2014risk 0.00cvss —epss 0.02
Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.
- CVE-2014-1257Feb 27, 2014risk 0.00cvss —epss 0.00
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
- CVE-2014-1256Feb 27, 2014risk 0.00cvss —epss 0.01
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
- CVE-2014-1255Feb 27, 2014risk 0.00cvss —epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
- CVE-2014-1254Feb 27, 2014risk 0.00cvss —epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.
- CVE-2014-1252Jan 24, 2014risk 0.00cvss —epss 0.04
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
- CVE-2013-5987Jan 21, 2014risk 0.00cvss —epss 0.00
Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.
- CVE-2013-7127Dec 17, 2013risk 0.00cvss —epss 0.00
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
- CVE-2013-6712Nov 28, 2013risk 0.00cvss —epss 0.05
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
- CVE-2013-5192Oct 24, 2013risk 0.00cvss —epss 0.00
The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
- CVE-2013-5191Oct 24, 2013risk 0.00cvss —epss 0.00
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
- CVE-2013-5190Oct 24, 2013risk 0.00cvss —epss 0.01
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.
Page 65 of 105