Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1380 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.6 LOW | N/A |
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. | |||||
CVE-2014-1371 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2015-12-22 | 7.5 HIGH | N/A |
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. | |||||
CVE-2014-1378 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
CVE-2014-1317 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2015-11-30 | 4.3 MEDIUM | N/A |
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2014-4497 | 1 Apple | 1 Mac Os X | 2015-11-30 | 10.0 HIGH | N/A |
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. | |||||
CVE-2014-4499 | 1 Apple | 1 Mac Os X | 2015-11-30 | 2.1 LOW | N/A |
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2014-1379 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. | |||||
CVE-2014-1377 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. | |||||
CVE-2014-1376 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. | |||||
CVE-2014-1372 | 1 Apple | 1 Mac Os X | 2015-11-20 | 4.9 MEDIUM | N/A |
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. | |||||
CVE-2014-1373 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. | |||||
CVE-2015-0310 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2015-11-13 | 10.0 HIGH | N/A |
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | |||||
CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2015-11-04 | 5.4 MEDIUM | N/A |
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
CVE-2015-7003 | 1 Apple | 1 Mac Os X | 2015-10-26 | 6.8 MEDIUM | N/A |
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. | |||||
CVE-2015-6987 | 1 Apple | 1 Mac Os X | 2015-10-26 | 2.1 LOW | N/A |
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | |||||
CVE-2015-6985 | 1 Apple | 1 Mac Os X | 2015-10-26 | 6.8 MEDIUM | N/A |
Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. | |||||
CVE-2015-7021 | 1 Apple | 1 Mac Os X | 2015-10-26 | 7.2 HIGH | N/A |
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. | |||||
CVE-2015-5945 | 1 Apple | 1 Mac Os X | 2015-10-26 | 7.2 HIGH | N/A |
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. | |||||
CVE-2015-7020 | 1 Apple | 1 Mac Os X | 2015-10-26 | 5.6 MEDIUM | N/A |
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. |