CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1212 DoS 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
2 CVE-2015-1211 264 +Priv 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
3 CVE-2015-1209 DoS 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
4 CVE-2015-1149 189 DoS Overflow 2015-04-10 2015-04-14
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.
5 CVE-2015-1144 119 Overflow +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
6 CVE-2015-1143 +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
7 CVE-2015-1140 119 Overflow +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
8 CVE-2015-1137 DoS +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
9 CVE-2015-1135 20 +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
10 CVE-2015-1134 20 +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
11 CVE-2015-1133 20 +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
12 CVE-2015-1131 20 +Priv 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
13 CVE-2015-1130 254 Bypass 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
14 CVE-2015-1103 20 DoS +Info 2015-04-10 2015-04-14
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
15 CVE-2015-1102 20 DoS 2015-04-10 2015-04-14
7.1
None Remote Medium Not required None None Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
16 CVE-2015-1095 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
17 CVE-2015-1063 DoS 2015-03-12 2015-03-17
7.8
None Remote Low Not required None None Complete
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
18 CVE-2014-8829 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
19 CVE-2014-8828 264 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
20 CVE-2014-8825 20 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.
21 CVE-2014-8821 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.
22 CVE-2014-8820 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.
23 CVE-2014-8819 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.
24 CVE-2014-8517 77 Exec Code 2014-11-17 2015-02-05
7.5
None Remote Low Not required Partial Partial Partial
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
25 CVE-2014-6184 119 Overflow +Priv 2015-02-21 2015-02-23
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
26 CVE-2014-4493 264 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
27 CVE-2014-4492 19 1 Exec Code 2015-01-30 2015-03-02
7.5
None Remote Low Not required Partial Partial Partial
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
28 CVE-2014-4485 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
29 CVE-2014-4484 19 DoS Exec Code Mem. Corr. 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
30 CVE-2014-4466 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-06
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
31 CVE-2014-4457 264 Bypass 2014-11-18 2014-12-23
7.5
None Remote Low Not required Partial Partial Partial
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
32 CVE-2014-4451 264 Bypass 2014-11-18 2014-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
33 CVE-2014-4443 20 DoS 2014-10-17 2014-10-31
7.8
None Remote Low Not required None None Complete
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
34 CVE-2014-4436 119 DoS Overflow 2014-10-17 2014-10-31
7.1
None Remote Medium Not required None None Complete
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.
35 CVE-2014-4433 119 Exec Code Overflow 2014-10-17 2014-10-31
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
36 CVE-2014-4427 264 Bypass 2014-10-17 2014-10-31
7.5
None Remote Low Not required Partial Partial Partial
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
37 CVE-2014-4424 89 Exec Code Sql 2014-09-19 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
38 CVE-2014-4379 119 Overflow Bypass 2014-09-18 2014-09-23
7.1
None Remote Medium Not required Complete None None
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
39 CVE-2014-4375 DoS +Priv 2014-09-18 2014-10-24
7.2
None Local Low Not required Complete Complete Complete
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
40 CVE-2014-4373 DoS 2014-09-18 2014-10-24
7.8
None Remote Low Not required None None Complete
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
41 CVE-2014-4369 DoS 2014-09-18 2014-09-18
7.8
None Remote Low Not required None None Complete
The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
42 CVE-2014-1568 310 2014-09-25 2015-04-16
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
43 CVE-2014-1371 119 DoS Exec Code Overflow 2014-07-01 2014-07-24
7.5
None Remote Low Not required Partial Partial Partial
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
44 CVE-2014-1287 119 DoS Exec Code Overflow Mem. Corr. 2014-03-14 2014-03-14
7.2
None Local Low Not required Complete Complete Complete
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
45 CVE-2014-1280 DoS 2014-03-14 2014-03-14
7.1
None Remote Medium Not required None None Complete
Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.
46 CVE-2014-1278 119 DoS Overflow +Priv 2014-03-14 2014-03-14
7.2
None Local Low Not required Complete Complete Complete
The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
47 CVE-2014-1271 20 DoS 2014-03-14 2014-03-14
7.8
None Remote Low Not required None None Complete
CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
48 CVE-2014-1262 119 Overflow Mem. Corr. Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.
49 CVE-2014-1261 189 DoS Exec Code 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.
50 CVE-2014-1256 119 Overflow Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
Total number of vulnerabilities : 443   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.