Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-5704 5Apache AppleCanonical+2 more 15Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+12 more May 6, 2026 Apr 15, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the...Show more The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."Show less
CVE-2014-0067 2Apple Postgresql 3Mac Os X Mac Os X ServerPostgresql May 6, 2026 Mar 31, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local...Show more The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.Show less
CVE-2014-0106 2Apple Todd Miller 2Mac Os X Sudo May 6, 2026 Mar 11, 2014 N/A· v4 N/A· v3 6.6 MEDIUM· v2 Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions vi...Show more Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.Show less
CVE-2014-2234 1Apple 1Mac Os X Apr 29, 2026 Mar 5, 2014 N/A· v4 N/A· v3 6.4 MEDIUM· v2 A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's doc...Show more A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application.Show less
CVE-2014-1912 2Apple Python 2Mac Os X Python Apr 29, 2026 Mar 1, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
CVE-2014-1270 1Apple 4Mac Os X Mac Os X ServerSafari+1 more Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ...Show more WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.Show less
CVE-2014-1269 1Apple 4Mac Os X Mac Os X ServerSafari+1 more Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ...Show more WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.Show less
CVE-2014-1268 1Apple 4Mac Os X Mac Os X ServerSafari+1 more Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ...Show more WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.Show less
CVE-2014-1265 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
CVE-2014-1264 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard file...Show more Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.Show less
CVE-2014-1263 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Com...Show more curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.Show less
CVE-2014-1262 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.
CVE-2014-1261 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.
CVE-2014-1260 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
CVE-2014-1259 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
CVE-2014-1258 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.
CVE-2014-1257 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstatio...Show more CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.Show less
CVE-2014-1256 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
CVE-2014-1255 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
CVE-2014-1254 1Apple 1Mac Os X Apr 29, 2026 Feb 27, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

Previous 1...113114115...161 Next