Vulnerabilities > Apple > MAC OS X > 10.7.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-27 | CVE-2014-1263 | Cryptographic Issues vulnerability in Apple mac OS X curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | 4.3 |
| 2014-02-27 | CVE-2014-1262 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. | 7.5 |
| 2014-02-27 | CVE-2014-1261 | Numeric Errors vulnerability in Apple mac OS X Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | 7.5 |
| 2014-02-27 | CVE-2014-1259 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. | 6.8 |
| 2014-02-27 | CVE-2014-1258 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | 6.8 |
| 2014-02-27 | CVE-2014-1256 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | 7.5 |
| 2014-02-27 | CVE-2014-1255 | Improper Input Validation vulnerability in Apple mac OS X Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | 7.5 |
| 2014-02-27 | CVE-2014-1254 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | 6.8 |
| 2014-01-24 | CVE-2014-1252 | Double Free vulnerability in Apple Iphone OS, mac OS X and Pages Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | 7.5 |
| 2013-10-04 | CVE-2013-5163 | Improper Authentication vulnerability in Apple mac OS X Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | 6.6 |