VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,441 total · sorted by risk
  • CVE-2014-4433Oct 18, 2014
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.

  • CVE-2014-4432Oct 18, 2014
    risk 0.00cvss epss 0.00

    fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.

  • CVE-2014-4431Oct 18, 2014
    risk 0.00cvss epss 0.00

    Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.

  • CVE-2014-4430Oct 18, 2014
    risk 0.00cvss epss 0.00

    CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.

  • CVE-2014-4428Oct 18, 2014
    risk 0.00cvss epss 0.01

    Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.

  • CVE-2014-4427Oct 18, 2014
    risk 0.00cvss epss 0.01

    App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.

  • CVE-2014-4426Oct 18, 2014
    risk 0.00cvss epss 0.01

    AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.

  • CVE-2014-4425Oct 18, 2014
    risk 0.00cvss epss 0.00

    CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

  • CVE-2014-4417Oct 18, 2014
    risk 0.00cvss epss 0.02

    Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.

  • CVE-2014-4391Oct 18, 2014
    risk 0.00cvss epss 0.03

    The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.

  • CVE-2014-4351Oct 18, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.

  • CVE-2014-7185Oct 8, 2014
    risk 0.00cvss epss 0.05

    Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

  • CVE-2014-6394Oct 8, 2014
    risk 0.00cvss epss 0.04

    visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

  • CVE-2014-3192Oct 8, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have…

  • CVE-2014-3187Oct 8, 2014
    risk 0.00cvss epss 0.01

    Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.

  • CVE-2014-3565Oct 7, 2014
    risk 0.00cvss epss 0.05

    snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a…

  • CVE-2014-7861Oct 5, 2014
    risk 0.00cvss epss 0.02

    The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.

  • CVE-2014-4424Sep 19, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-4416Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4403Sep 19, 2014
    risk 0.00cvss epss 0.00

    The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.

  • CVE-2014-4402Sep 19, 2014
    risk 0.00cvss epss 0.03

    An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

  • CVE-2014-4401Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4400Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4399Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4398Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4397Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4396Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4395Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4394Sep 19, 2014
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4393Sep 19, 2014
    risk 0.00cvss epss 0.06

    Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.

  • CVE-2014-4390Sep 19, 2014
    risk 0.00cvss epss 0.02

    Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

  • CVE-2014-4376Sep 19, 2014
    risk 0.00cvss epss 0.04

    IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.

  • CVE-2014-4350Sep 19, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.

  • CVE-2014-1391Sep 19, 2014
    risk 0.00cvss epss 0.04

    QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

  • CVE-2014-4423Sep 18, 2014
    risk 0.00cvss epss 0.02

    The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.

  • CVE-2014-4421Sep 18, 2014
    risk 0.00cvss epss 0.00

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…

  • CVE-2014-4420Sep 18, 2014
    risk 0.00cvss epss 0.00

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…

  • CVE-2014-4419Sep 18, 2014
    risk 0.00cvss epss 0.00

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…

  • CVE-2014-4415Sep 18, 2014
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-4414Sep 18, 2014
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-4413Sep 18, 2014
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-4412Sep 18, 2014
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-4411Sep 18, 2014
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-4410Sep 18, 2014
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-4409Sep 18, 2014
    risk 0.00cvss epss 0.02

    WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.

  • CVE-2014-4408Sep 18, 2014
    risk 0.00cvss epss 0.00

    The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

  • CVE-2014-4389Sep 18, 2014
    risk 0.00cvss epss 0.03

    Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.

  • CVE-2014-4386Sep 18, 2014
    risk 0.00cvss epss 0.00

    Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.

  • CVE-2014-4384Sep 18, 2014
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.

  • CVE-2014-4383Sep 18, 2014
    risk 0.00cvss epss 0.01

    The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

Page 127 of 169