Vulnerabilities > Apple > MAC OS X

DATE CVE VULNERABILITY TITLE RISK
2014-11-11 CVE-2014-0583 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors.
network
low complexity
adobe apple microsoft linux CWE-119
7.5
7.5
2014-11-11 CVE-2014-0582 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589.
network
low complexity
adobe apple microsoft linux CWE-119
critical
 10.0
10
2014-11-11 CVE-2014-0581 Memory Corruption vulnerability in Adobe Flash Player and AIR
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10
2014-11-11 CVE-2014-0577 Code Injection vulnerability in Adobe products
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590.
network
low complexity
adobe apple microsoft linux CWE-94
critical
 10.0
10
2014-11-11 CVE-2014-0576 Memory Corruption vulnerability in Adobe Flash Player and AIR
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10
2014-11-11 CVE-2014-0574 Code Injection vulnerability in Adobe products
Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe apple microsoft linux CWE-94
critical
 10.0
10
2014-11-11 CVE-2014-0573 Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10
2014-11-04 CVE-2014-3660 Denial of Service vulnerability in Libxml2 Entities Expansion
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
network
low complexity
xmlsoft apple canonical debian redhat
5.0
5.0
2014-10-18 CVE-2014-4444 Improper Authentication vulnerability in Apple mac OS X
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
local
apple CWE-287
4.4
4.4
2014-10-18 CVE-2014-4443 Improper Input Validation vulnerability in Apple mac OS X
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
network
low complexity
apple CWE-20
7.8
7.8