Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-3566 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
12-09-2023 - 14:55 15-10-2014 - 00:55
CVE-2014-8826 5.0
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
17-07-2020 - 18:15 30-01-2015 - 11:59
CVE-2014-4371 1.9
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a diffe
07-11-2019 - 15:36 18-09-2014 - 10:55
CVE-2014-4485 7.5
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML docum
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4491 5.0
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4483 6.8
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4492 7.5
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC mes
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4489 10.0
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4389 9.3
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2014-4487 10.0
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4488 10.0
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4461 9.3
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. Per an <a href="http://su
08-03-2019 - 16:06 18-11-2014 - 11:59
CVE-2014-4495 10.0
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restric
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4421 1.9
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a diffe
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2014-4419 1.9
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a diffe
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2014-4420 1.9
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a diffe
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2014-4486 10.0
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4484 7.5
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-4481 6.8
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
08-03-2019 - 16:06 30-01-2015 - 11:59
CVE-2014-7187 10.0
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
09-10-2018 - 19:52 28-09-2014 - 19:55
CVE-2014-7186 10.0
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here doc
09-10-2018 - 19:52 28-09-2014 - 19:55
CVE-2014-6277 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-poin
09-08-2018 - 01:29 27-09-2014 - 22:55
CVE-2014-3568 4.3
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr
15-11-2017 - 02:29 19-10-2014 - 01:55
CVE-2014-3567 7.1
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
15-11-2017 - 02:29 19-10-2014 - 01:55
CVE-2014-8517 7.5
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an H
06-11-2017 - 02:29 17-11-2014 - 16:59
CVE-2014-8831 5.0
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8823 4.7
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first ar
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8830 6.8
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8824 10.0
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8839 5.0
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8838 4.3
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate f
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8816 6.8
CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8821 7.2
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8837 9.3
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8833 2.1
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8822 10.0
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8835 9.3
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, relat
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8829 7.5
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8817 10.0
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8836 10.0
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8825 7.2
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8819 7.2
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8827 2.1
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8834 2.1
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8820 7.2
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8832 4.9
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-8828 7.5
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2014-4426 4.3
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
29-08-2017 - 01:35 18-10-2014 - 01:55
CVE-2014-4460 2.1
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading
29-08-2017 - 01:35 18-11-2014 - 11:59
CVE-2011-2391 6.1
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
29-08-2017 - 01:29 19-09-2013 - 10:27
CVE-2014-1595 2.1
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive informat
04-10-2016 - 02:01 11-12-2014 - 11:59
CVE-2014-4497 10.0
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.
30-11-2015 - 19:20 30-01-2015 - 11:59
CVE-2014-4499 2.1
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.
30-11-2015 - 19:20 30-01-2015 - 11:59
CVE-2014-4498 4.7
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.
09-10-2015 - 20:47 30-01-2015 - 11:59
Back to Top Mark selected
Back to Top