CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1212 DoS 2015-02-06 2015-02-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
2 CVE-2015-1211 264 +Priv 2015-02-06 2015-02-20
7.5
None Remote Low Not required Partial Partial Partial
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
3 CVE-2015-1209 DoS 2015-02-06 2015-02-20
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
4 CVE-2014-8829 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
5 CVE-2014-8828 264 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
6 CVE-2014-8825 20 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.
7 CVE-2014-8821 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.
8 CVE-2014-8820 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.
9 CVE-2014-8819 +Priv 2015-01-30 2015-02-18
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.
10 CVE-2014-8517 77 Exec Code 2014-11-17 2015-02-05
7.5
None Remote Low Not required Partial Partial Partial
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
11 CVE-2014-6184 119 Overflow +Priv 2015-02-21 2015-02-23
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
12 CVE-2014-4493 264 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
13 CVE-2014-4492 19 Exec Code 2015-01-30 2015-02-02
7.5
None Remote Low Not required Partial Partial Partial
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
14 CVE-2014-4485 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
15 CVE-2014-4484 19 DoS Exec Code Mem. Corr. 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
16 CVE-2014-4466 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-06
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
17 CVE-2014-4457 264 Bypass 2014-11-18 2014-12-23
7.5
None Remote Low Not required Partial Partial Partial
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
18 CVE-2014-4451 264 Bypass 2014-11-18 2014-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
19 CVE-2014-4443 20 DoS 2014-10-17 2014-10-31
7.8
None Remote Low Not required None None Complete
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
20 CVE-2014-4436 119 DoS Overflow 2014-10-17 2014-10-31
7.1
None Remote Medium Not required None None Complete
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.
21 CVE-2014-4433 119 Exec Code Overflow 2014-10-17 2014-10-31
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
22 CVE-2014-4427 264 Bypass 2014-10-17 2014-10-31
7.5
None Remote Low Not required Partial Partial Partial
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
23 CVE-2014-4424 89 Exec Code Sql 2014-09-19 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
24 CVE-2014-4379 119 Overflow Bypass 2014-09-18 2014-09-23
7.1
None Remote Medium Not required Complete None None
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
25 CVE-2014-4375 DoS +Priv 2014-09-18 2014-10-24
7.2
None Local Low Not required Complete Complete Complete
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
26 CVE-2014-4373 DoS 2014-09-18 2014-10-24
7.8
None Remote Low Not required None None Complete
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
27 CVE-2014-4369 DoS 2014-09-18 2014-09-18
7.8
None Remote Low Not required None None Complete
The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
28 CVE-2014-1568 310 2014-09-25 2015-01-22
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
29 CVE-2014-1371 119 DoS Exec Code Overflow 2014-07-01 2014-07-24
7.5
None Remote Low Not required Partial Partial Partial
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
30 CVE-2014-1287 119 DoS Exec Code Overflow Mem. Corr. 2014-03-14 2014-03-14
7.2
None Local Low Not required Complete Complete Complete
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
31 CVE-2014-1280 DoS 2014-03-14 2014-03-14
7.1
None Remote Medium Not required None None Complete
Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.
32 CVE-2014-1278 119 DoS Overflow +Priv 2014-03-14 2014-03-14
7.2
None Local Low Not required Complete Complete Complete
The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
33 CVE-2014-1271 20 DoS 2014-03-14 2014-03-14
7.8
None Remote Low Not required None None Complete
CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
34 CVE-2014-1262 119 Overflow Mem. Corr. Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.
35 CVE-2014-1261 189 DoS Exec Code 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.
36 CVE-2014-1256 119 Overflow Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
37 CVE-2014-1255 20 Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
38 CVE-2014-1252 399 DoS Exec Code 2014-01-24 2014-04-04
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
39 CVE-2013-5179 264 Bypass 2013-10-23 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
40 CVE-2013-5172 189 DoS 2013-10-23 2013-10-24
7.1
None Remote Medium Not required None None Complete
The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.
41 CVE-2013-5155 20 DoS 2013-09-19 2013-10-22
7.1
None Remote Medium Not required None None Complete
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
42 CVE-2013-5148 264 2013-10-24 2013-10-24
7.2
None Local Low Not required Complete Complete Complete
Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation.
43 CVE-2013-5141 189 DoS 2013-09-19 2013-10-30
7.1
None Remote Medium Not required None None Complete
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
44 CVE-2013-5140 20 DoS 2013-09-19 2013-10-22
7.8
None Remote Low Not required None None Complete
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
45 CVE-2013-5135 134 Exec Code 2013-10-23 2013-10-24
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
46 CVE-2013-2842 399 DoS 2013-05-22 2014-01-27
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
47 CVE-2013-0981 +Priv 2013-03-20 2013-03-21
7.2
None Local Low Not required Complete Complete Complete
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.
48 CVE-2013-0894 119 DoS Overflow 2013-02-23 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.
49 CVE-2013-0886 2013-02-23 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
50 CVE-2013-0879 119 DoS Overflow Mem. Corr. 2013-02-23 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Total number of vulnerabilities : 429   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.