Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1261 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||||
CVE-2014-1258 | 1 Apple | 1 Mac Os X | 2014-02-27 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | |||||
CVE-2014-1257 | 1 Apple | 1 Mac Os X | 2014-02-27 | 3.6 LOW | N/A |
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
CVE-2014-1254 | 1 Apple | 1 Mac Os X | 2014-02-27 | 6.8 MEDIUM | N/A |
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | |||||
CVE-2014-1870 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2014-02-07 | 4.3 MEDIUM | N/A |
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | |||||
CVE-2013-1024 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2014-01-27 | 6.8 MEDIUM | N/A |
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
CVE-2013-6886 | 3 Apple, Linux, Realvnc | 3 Mac Os X, Linux Kernel, Realvnc | 2013-12-30 | 7.2 HIGH | N/A |
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | |||||
CVE-2012-5272 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2013-11-24 | 10.0 HIGH | N/A |
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. | |||||
CVE-2013-6799 | 1 Apple | 1 Mac Os X | 2013-11-19 | 4.7 MEDIUM | N/A |
Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105. | |||||
CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2013-11-19 | 6.8 MEDIUM | N/A |
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | |||||
CVE-2013-3954 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-30 | 6.9 MEDIUM | N/A |
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | |||||
CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.4 MEDIUM | N/A |
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||||
CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2013-10-24 | 1.9 LOW | N/A |
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | |||||
CVE-2013-5173 | 1 Apple | 1 Mac Os X | 2013-10-24 | 2.1 LOW | N/A |
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | |||||
CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.6 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||||
CVE-2013-5176 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | |||||
CVE-2013-5177 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | |||||
CVE-2013-5168 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.8 MEDIUM | N/A |
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | |||||
CVE-2013-5180 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. | |||||
CVE-2013-5181 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. |