Apple » Mac Os X Server » 10.7.2 : Security Vulnerabilities, CVEs, Published In 2014
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
Max CVSS
7.5
EPSS Score
3.90%
Published
2014-07-01
Updated
2015-12-22
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
Max CVSS
6.8
EPSS Score
5.30%
Published
2014-07-01
Updated
2016-12-08
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
Max CVSS
4.3
EPSS Score
0.50%
Published
2014-04-23
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
Max CVSS
6.8
EPSS Score
1.06%
Published
2014-02-27
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
Max CVSS
6.8
EPSS Score
1.06%
Published
2014-02-27
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
Max CVSS
6.8
EPSS Score
1.18%
Published
2014-02-27
Updated
2016-12-08
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-27
Updated
2014-02-27
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
Max CVSS
6.8
EPSS Score
0.10%
Published
2014-02-27
Updated
2014-03-10
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
Max CVSS
7.5
EPSS Score
0.28%
Published
2014-02-27
Updated
2014-02-27
9 vulnerabilities found