Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-1370 1Apple 2Mac Os X Mac Os X Server May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted Ap...Show more The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.Show less
CVE-2014-1361 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentia...Show more Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.Show less
CVE-2014-1359 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
CVE-2014-1358 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
CVE-2014-1357 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
CVE-2014-1356 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
CVE-2014-1355 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and re...Show more The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.Show less
CVE-2014-1317 1Apple 1Mac Os X May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.
CVE-2013-7040 2Apple Python 2Mac Os X Python May 6, 2026 May 19, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easie...Show more Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.Show less
CVE-2014-1322 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an un...Show more The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.Show less
CVE-2014-1321 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action...Show more Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.Show less
CVE-2014-1320 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by...Show more IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.Show less
CVE-2014-1319 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE-2014-1318 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.
CVE-2014-1316 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.
CVE-2014-1315 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a...Show more Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.Show less
CVE-2014-1314 1Apple 1Mac Os X May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted applicati...Show more WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.Show less
CVE-2014-1296 1Apple 4Iphone Os Mac Os XMac Os X Server+1 more May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to...Show more CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.Show less
CVE-2014-1295 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before reneg...Show more Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."Show less
CVE-2013-7338 2Apple Python 2Mac Os X Python May 6, 2026 Apr 22, 2014 N/A· v4 N/A· v3 7.1 HIGH· v2 Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(...Show more Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.Show less

Previous 1...112113114...161 Next