Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1265 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 4.6 MEDIUM | N/A |
| The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||||
| CVE-2014-1259 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. | |||||
| CVE-2014-1256 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 7.5 HIGH | N/A |
| Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-0067 | 2 Apple, Postgresql | 3 Mac Os X, Mac Os X Server, Postgresql | 2024-11-21 | 4.6 MEDIUM | N/A |
| The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. | |||||
| CVE-2013-5704 | 5 Apache, Apple, Canonical and 2 more | 16 Http Server, Mac Os X, Mac Os X Server and 13 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | |||||
| CVE-2013-1024 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
| CVE-2013-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 4.9 MEDIUM | N/A |
| SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | |||||
| CVE-2013-0984 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 9.3 HIGH | N/A |
| Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | |||||
| CVE-2013-0982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 1.7 LOW | N/A |
| The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | |||||
| CVE-2013-0975 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||||
| CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | |||||
| CVE-2013-0971 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | |||||
| CVE-2013-0967 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 4.3 MEDIUM | N/A |
| CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | |||||
| CVE-2013-0966 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.4 MEDIUM | N/A |
| The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | |||||
| CVE-2013-0961 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-11-21 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | |||||
| CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-11-21 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | |||||
| CVE-2012-3723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 4.6 MEDIUM | N/A |
| Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. | |||||
| CVE-2012-3722 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | |||||
| CVE-2012-3719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. | |||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 2.1 LOW | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | |||||