Apple Inc.

All CVEs

8,442 total · sorted by risk
  • CVE-2014-1296 · Apr 23, 2014
    risk 0.00 · cvss · epss 0.02

    CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the…

  • CVE-2014-1295 · Apr 23, 2014
    risk 0.00 · cvss · epss 0.01

    Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to…

  • CVE-2013-7338 · Apr 22, 2014
    risk 0.00 · cvss · epss 0.05

    Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5)…

  • CVE-2014-2856 · Apr 18, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

  • CVE-2014-1313 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1312 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1311 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1310 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1309 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1308 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1307 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1305 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1304 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1302 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1301 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1299 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1298 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2014-1297 · Apr 2, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.

  • CVE-2014-0067 · Mar 31, 2014
    risk 0.00 · cvss · epss 0.00

    The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this…

  • CVE-2014-1300 · Mar 26, 2014
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.

  • CVE-2014-1294 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…

  • CVE-2014-1293 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…

  • CVE-2014-1292 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…

  • CVE-2014-1291 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…

  • CVE-2014-1290 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291,…

  • CVE-2014-1289 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291,…

  • CVE-2014-1286 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.

  • CVE-2014-1285 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.01

    Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.

  • CVE-2014-1282 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.01

    The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.

  • CVE-2014-1281 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.00

    Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.

  • CVE-2014-1280 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.

  • CVE-2014-1279 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.00

    Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.

  • CVE-2014-1278 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.00

    The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.

  • CVE-2014-1276 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.01

    IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.

  • CVE-2014-1275 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

  • CVE-2014-1274 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.00

    FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.

  • CVE-2014-1273 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.01

    dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

  • CVE-2014-1272 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.00

    CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.

  • CVE-2014-1271 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.01

    CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.

  • CVE-2014-1267 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.01

    The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.

  • CVE-2013-5133 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.02

    Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

  • CVE-2014-0106 · Mar 11, 2014
    risk 0.00 · cvss · epss 0.00

    Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

  • CVE-2014-2234 · Mar 5, 2014
    risk 0.00 · cvss · epss 0.01

    A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra…

  • CVE-2014-1270 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.

  • CVE-2014-1269 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.

  • CVE-2014-1268 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

  • CVE-2014-1265 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.00

    The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

  • CVE-2014-1264 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.00

    Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.

  • CVE-2014-1263 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.03

    curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…

  • CVE-2014-1262 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.