Filtered by vendor Apple
Subscribe
Total
11572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1257 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.6 LOW | N/A |
| CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2014-1256 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 7.5 HIGH | N/A |
| Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-1254 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | |||||
| CVE-2014-1253 | 1 Apple | 1 Boot Camp | 2024-11-21 | 4.7 MEDIUM | N/A |
| AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. | |||||
| CVE-2014-1252 | 1 Apple | 3 Iphone Os, Mac Os X, Pages | 2024-11-21 | 7.5 HIGH | N/A |
| Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | |||||
| CVE-2014-1251 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file. | |||||
| CVE-2014-1250 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file. | |||||
| CVE-2014-1249 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image. | |||||
| CVE-2014-1248 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file. | |||||
| CVE-2014-1247 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file. | |||||
| CVE-2014-1246 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. | |||||
| CVE-2014-1245 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file. | |||||
| CVE-2014-1244 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | |||||
| CVE-2014-1243 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file. | |||||
| CVE-2014-1242 | 1 Apple | 1 Itunes | 2024-11-21 | 5.8 MEDIUM | N/A |
| Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||||
| CVE-2014-0876 | 3 Apple, Ibm, Microsoft | 3 Mac Os X, Tivoli Storage Manager, Windows | 2024-11-21 | 2.1 LOW | N/A |
| Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors. | |||||
| CVE-2014-0647 | 2 Apple, Starbucks | 2 Iphone Os, Starbucks | 2024-11-21 | 2.1 LOW | N/A |
| The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. | |||||
| CVE-2014-0590 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-11-21 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586. | |||||
| CVE-2014-0589 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-11-21 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582. | |||||