VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2014-1268Feb 27, 2014
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

  • CVE-2014-1265Feb 27, 2014
    risk 0.00cvss epss 0.00

    The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

  • CVE-2014-1264Feb 27, 2014
    risk 0.00cvss epss 0.00

    Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.

  • CVE-2014-1263Feb 27, 2014
    risk 0.00cvss epss 0.03

    curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…

  • CVE-2014-1262Feb 27, 2014
    risk 0.00cvss epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.

  • CVE-2014-1261Feb 27, 2014
    risk 0.00cvss epss 0.03

    Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.

  • CVE-2014-1260Feb 27, 2014
    risk 0.00cvss epss 0.02

    QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

  • CVE-2014-1259Feb 27, 2014
    risk 0.00cvss epss 0.02

    Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

  • CVE-2014-1258Feb 27, 2014
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.

  • CVE-2014-1257Feb 27, 2014
    risk 0.00cvss epss 0.00

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.

  • CVE-2014-1256Feb 27, 2014
    risk 0.00cvss epss 0.01

    Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

  • CVE-2014-1255Feb 27, 2014
    risk 0.00cvss epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

  • CVE-2014-1254Feb 27, 2014
    risk 0.00cvss epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

  • CVE-2014-1252Jan 24, 2014
    risk 0.00cvss epss 0.04

    Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.

  • CVE-2013-5987Jan 21, 2014
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

  • CVE-2013-7127Dec 17, 2013
    risk 0.00cvss epss 0.00

    Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.

  • CVE-2013-6712Nov 28, 2013
    risk 0.00cvss epss 0.05

    The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

  • CVE-2013-5192Oct 24, 2013
    risk 0.00cvss epss 0.00

    The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.

  • CVE-2013-5191Oct 24, 2013
    risk 0.00cvss epss 0.00

    The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.

  • CVE-2013-5190Oct 24, 2013
    risk 0.00cvss epss 0.01

    Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.

Page 65 of 105