Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-02-27 CVE-2014-1258 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.
network
apple CWE-119
6.8
2014-02-27 CVE-2014-1254 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.
network
apple CWE-119
6.8
2014-02-18 CVE-2014-2019 Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
local
low complexity
apple CWE-264
4.9
2014-02-14 CVE-2014-1253 Buffer Errors vulnerability in Apple Boot Camp 5.0
AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.
local
apple CWE-119
4.7
2014-02-06 CVE-2014-1870 Unspecified vulnerability in Opera Browser
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.
network
opera apple
4.3
2014-01-23 CVE-2014-1242 Cryptographic Issues vulnerability in Apple iTunes
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
network
apple CWE-310
5.8
2013-12-18 CVE-2013-5228 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5227 Permissions, Privileges, and Access Controls vulnerability in Apple Safari
Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.
network
low complexity
apple CWE-264
6.4
2013-12-18 CVE-2013-5225 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5199 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8