| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2014-4460 |
200 |
|
+Info |
2014-11-18 |
2015-02-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. |
|
2 |
CVE-2014-4459 |
|
|
Exec Code |
2014-11-18 |
2015-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. |
|
3 |
CVE-2014-4458 |
200 |
|
+Info |
2014-11-18 |
2015-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
|
4 |
CVE-2014-4453 |
200 |
|
+Info |
2014-11-18 |
2015-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
|
5 |
CVE-2014-4350 |
119 |
|
DoS Exec Code Overflow |
2014-09-19 |
2014-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. |
|
6 |
CVE-2014-1391 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-09-19 |
2014-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. |
|
7 |
CVE-2014-1371 |
119 |
|
DoS Exec Code Overflow |
2014-07-01 |
2015-12-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. |
|
8 |
CVE-2014-1370 |
119 |
|
DoS Exec Code Overflow |
2014-07-01 |
2015-12-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. |
|
9 |
CVE-2014-1296 |
264 |
|
Bypass |
2014-04-23 |
2014-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. |
|
10 |
CVE-2014-1270 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-02-26 |
2014-03-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269. |
|
11 |
CVE-2014-1269 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-02-26 |
2014-03-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270. |
|
12 |
CVE-2014-1268 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-02-26 |
2014-02-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270. |
|
13 |
CVE-2014-1265 |
264 |
|
Bypass |
2014-02-26 |
2014-02-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. |
|
14 |
CVE-2014-1259 |
119 |
|
DoS Exec Code Overflow |
2014-02-26 |
2014-03-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. |
|
15 |
CVE-2014-1256 |
119 |
|
Overflow Bypass |
2014-02-26 |
2014-02-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. |
|
16 |
CVE-2013-7127 |
310 |
|
+Info |
2013-12-17 |
2016-09-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. |
|
17 |
CVE-2013-1024 |
20 |
|
DoS Exec Code |
2013-06-05 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
|
18 |
CVE-2013-0990 |
264 |
|
|
2013-06-05 |
2013-06-05 |
4.9 |
None |
Remote |
Medium |
Single system |
None |
Partial |
Partial |
|
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. |
|
19 |
CVE-2013-0982 |
200 |
|
Bypass +Info |
2013-06-05 |
2013-06-05 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. |
|
20 |
CVE-2013-0975 |
119 |
|
DoS Exec Code Overflow |
2013-06-05 |
2013-06-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. |
|
21 |
CVE-2013-0973 |
|
|
Exec Code |
2013-03-15 |
2013-03-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. |
|
22 |
CVE-2013-0971 |
399 |
|
DoS Exec Code |
2013-03-15 |
2013-03-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. |
|
23 |
CVE-2013-0967 |
|
|
Bypass |
2013-03-15 |
2013-03-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. |
|
24 |
CVE-2013-0966 |
|
|
Bypass |
2013-03-15 |
2013-03-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. |