Vulnerabilities > Apple > MAC OS X
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-15 | CVE-2014-0558 | Code Injection vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564. | 10.0 |
| 2014-10-15 | CVE-2014-3566 | Cryptographic Issues vulnerability in multiple products The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | 3.4 |
| 2014-10-08 | CVE-2014-7185 | Numeric Errors vulnerability in multiple products Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | 6.4 |
| 2014-10-05 | CVE-2014-7861 | Improper Input Validation vulnerability in Apple mac OS X The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. | 9.3 |
| 2014-09-25 | CVE-2014-1568 | Cryptographic Issues vulnerability in Google Chrome Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | 7.5 |
| 2014-09-25 | CVE-2014-7169 | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | 9.8 |
| 2014-09-24 | CVE-2014-6271 | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | 9.8 |
| 2014-09-19 | CVE-2014-4416 | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401. | 6.9 |
| 2014-09-19 | CVE-2014-4403 | Information Exposure vulnerability in Apple mac OS X The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | 2.1 |
| 2014-09-19 | CVE-2014-4402 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 9.3 |