Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-3707 6Apple CanonicalDebian+3 more 6Debian Linux HyperionLibcurl+3 more May 6, 2026 Nov 15, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that...Show more The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.Show less
CVE-2014-3660 5Apple CanonicalDebian+2 more 5Debian Linux Enterprise LinuxLibxml2+2 more May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a c...Show more parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.Show less
CVE-2014-4444 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User S...Show more SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.Show less
CVE-2014-4443 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 7.8 HIGH· v2 Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
CVE-2014-4442 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
CVE-2014-4441 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing...Show more NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.Show less
CVE-2014-4440 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 2.6 LOW· v2 The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opport...Show more The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.Show less
CVE-2014-4439 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by...Show more Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.Show less
CVE-2014-4438 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
CVE-2014-4437 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
CVE-2014-4436 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.
CVE-2014-4435 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force atta...Show more The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.Show less
CVE-2014-4434 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.
CVE-2014-4433 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
CVE-2014-4432 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartex...Show more fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.Show less
CVE-2014-4431 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
CVE-2014-4430 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.
CVE-2014-4428 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.
CVE-2014-4427 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
CVE-2014-4426 1Apple 1Mac Os X May 6, 2026 Oct 18, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.

Previous 1...108109110...161 Next