Vulnerabilities > Apple > MAC OS X > 10.9.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-18 | CVE-2014-4459 | Memory Corruption vulnerability in WebKit Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. network apple | 6.8 |
| 2014-11-18 | CVE-2014-4458 | Information Exposure vulnerability in Apple mac OS X The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-11-18 | CVE-2014-4453 | Information Exposure vulnerability in Apple Iphone OS and mac OS X Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-11-17 | CVE-2014-8517 | Command Injection vulnerability in multiple products The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 7.5 |
| 2014-11-04 | CVE-2014-3660 | Denial of Service vulnerability in Libxml2 Entities Expansion parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 5.0 |
| 2014-10-18 | CVE-2014-4444 | Improper Authentication vulnerability in Apple mac OS X SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | 4.4 |
| 2014-10-18 | CVE-2014-4443 | Improper Input Validation vulnerability in Apple mac OS X Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. | 7.8 |
| 2014-10-18 | CVE-2014-4442 | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. | 4.7 |
| 2014-10-18 | CVE-2014-4441 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | 6.8 |
| 2014-10-18 | CVE-2014-4440 | Information Exposure vulnerability in Apple mac OS X The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | 2.6 |