Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1375 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
| CVE-2014-1373 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2014-1372 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.9 MEDIUM | N/A |
| Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. | |||||
| CVE-2014-1353 | 1 Apple | 1 Iphone Os | 2024-11-21 | 3.6 LOW | N/A |
| Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. | |||||
| CVE-2014-1352 | 1 Apple | 1 Iphone Os | 2024-11-21 | 1.9 LOW | N/A |
| Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. | |||||
| CVE-2014-1351 | 1 Apple | 1 Iphone Os | 2024-11-21 | 3.6 LOW | N/A |
| Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. | |||||
| CVE-2014-1350 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.6 MEDIUM | N/A |
| Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. | |||||
| CVE-2014-1347 | 1 Apple | 2 Itunes, Mac Os X | 2024-11-21 | 4.4 MEDIUM | N/A |
| Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations. | |||||
| CVE-2014-1321 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.3 LOW | N/A |
| Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. | |||||
| CVE-2014-1314 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | N/A |
| WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | |||||
| CVE-2014-1296 | 1 Apple | 4 Iphone Os, Mac Os X, Mac Os X Server and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | |||||
| CVE-2014-1285 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.8 MEDIUM | N/A |
| Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. | |||||
| CVE-2014-1282 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. | |||||
| CVE-2014-1281 | 1 Apple | 1 Iphone Os | 2024-11-21 | 1.9 LOW | N/A |
| Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. | |||||
| CVE-2014-1279 | 1 Apple | 1 Tvos | 2024-11-21 | 2.1 LOW | N/A |
| Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data. | |||||
| CVE-2014-1276 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | N/A |
| IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. | |||||
| CVE-2014-1265 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 4.6 MEDIUM | N/A |
| The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||||
| CVE-2014-1264 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.3 LOW | N/A |
| Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. | |||||
| CVE-2014-1257 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.6 LOW | N/A |
| CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2014-1226 | 1 S3dvt Project | 1 S3dvt | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. | |||||