OS X
by Apple Inc.
CVEs (533)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1370 | | | 0.00 | — | 0.02 | | Jul 1, 2014 | The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. |
| CVE-2014-1361 | | | 0.00 | — | 0.01 | | Jul 1, 2014 | Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory… |
| CVE-2014-1359 | | | 0.00 | — | 0.02 | | Jul 1, 2014 | Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. |
| CVE-2014-1358 | | | 0.00 | — | 0.03 | | Jul 1, 2014 | Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. |
| CVE-2014-1356 | | | 0.00 | — | 0.03 | | Jul 1, 2014 | Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages. |
| CVE-2014-1355 | | | 0.00 | — | 0.00 | | Jul 1, 2014 | The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. |
| CVE-2014-1321 | | | 0.00 | — | 0.00 | | Apr 23, 2014 | Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. |
| CVE-2014-1319 | | | 0.00 | — | 0.01 | | Apr 23, 2014 | Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. |
| CVE-2014-1318 | | | 0.00 | — | 0.01 | | Apr 23, 2014 | The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. |
| CVE-2014-1316 | | | 0.00 | — | 0.00 | | Apr 23, 2014 | Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. |
| CVE-2014-1314 | | | 0.00 | — | 0.01 | | Apr 23, 2014 | WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. |
| CVE-2014-1315 | | | 0.00 | — | 0.01 | | Apr 23, 2014 | Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. |
| CVE-2014-1295 | | | 0.00 | — | 0.00 | | Apr 23, 2014 | Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to… |