CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2014 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-7861 20 DoS Exec Code 2014-10-05 2014-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.
2 CVE-2014-4979 119 DoS Exec Code Overflow Mem. Corr. 2014-07-26 2014-09-23
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
3 CVE-2014-4433 119 Exec Code Overflow 2014-10-17 2014-10-21
4.4
None Local Medium Not required Partial Partial Partial
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
4 CVE-2014-4424 89 Exec Code Sql 2014-09-19 2014-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2014-4418 20 Exec Code 2014-09-18 2014-09-18
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
6 CVE-2014-4416 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401.
7 CVE-2014-4415 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
8 CVE-2014-4414 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
9 CVE-2014-4413 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
10 CVE-2014-4412 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
11 CVE-2014-4411 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
12 CVE-2014-4410 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
13 CVE-2014-4405 DoS Exec Code 2014-09-18 2014-09-18
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
14 CVE-2014-4404 119 Exec Code Overflow 2014-09-18 2014-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
15 CVE-2014-4402 119 Exec Code Overflow 2014-09-19 2014-09-19
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
16 CVE-2014-4401 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416.
17 CVE-2014-4400 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416.
18 CVE-2014-4399 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
19 CVE-2014-4398 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
20 CVE-2014-4397 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
21 CVE-2014-4396 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
22 CVE-2014-4395 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
23 CVE-2014-4394 20 Exec Code 2014-09-19 2014-09-19
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
24 CVE-2014-4393 119 DoS Exec Code Overflow 2014-09-19 2014-09-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.
25 CVE-2014-4391 310 Exec Code Bypass 2014-10-17 2014-10-21
6.8
None Remote Medium Not required Partial Partial Partial
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.
26 CVE-2014-4390 20 Exec Code 2014-09-19 2014-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
27 CVE-2014-4389 189 Exec Code Overflow 2014-09-18 2014-09-23
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
28 CVE-2014-4388 20 Exec Code 2014-09-18 2014-09-23
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
29 CVE-2014-4381 119 Exec Code Overflow 2014-09-18 2014-09-23
9.3
None Remote Medium Not required Complete Complete Complete
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
30 CVE-2014-4380 119 Exec Code Overflow 2014-09-18 2014-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
31 CVE-2014-4377 189 DoS Exec Code Overflow 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
32 CVE-2014-4376 DoS Exec Code 2014-09-19 2014-09-19
10.0
None Remote Low Not required Complete Complete Complete
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.
33 CVE-2014-4351 119 DoS Exec Code Overflow 2014-10-17 2014-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
34 CVE-2014-4350 119 DoS Exec Code Overflow 2014-09-19 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
35 CVE-2014-1391 119 DoS Exec Code Overflow Mem. Corr. 2014-09-19 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
36 CVE-2014-1390 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-08-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
37 CVE-2014-1389 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
38 CVE-2014-1388 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
39 CVE-2014-1387 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
40 CVE-2014-1386 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-08-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
41 CVE-2014-1385 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
42 CVE-2014-1384 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
43 CVE-2014-1382 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2014-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
44 CVE-2014-1381 264 DoS Exec Code 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
45 CVE-2014-1377 Exec Code 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.
46 CVE-2014-1376 264 Exec Code 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
47 CVE-2014-1373 264 Exec Code 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
48 CVE-2014-1371 119 DoS Exec Code Overflow 2014-07-01 2014-07-24
7.5
None Remote Low Not required Partial Partial Partial
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
49 CVE-2014-1370 119 DoS Exec Code Overflow 2014-07-01 2014-07-24
6.8
None Remote Medium Not required Partial Partial Partial
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
50 CVE-2014-1368 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2014-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
Total number of vulnerabilities : 127   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.