Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.4.4
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1088 |
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Published: April 10, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2787 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. Published: March 30, 2015; 6:59:15 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2348 |
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Published: March 30, 2015; 6:59:14 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2301 |
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. Published: March 30, 2015; 6:59:10 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1352 |
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. Published: March 30, 2015; 6:59:08 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1351 |
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: March 30, 2015; 6:59:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1069 |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Published: March 18, 2015; 6:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1066 |
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. Published: March 12, 2015; 6:59:11 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-1065 |
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. Published: March 12, 2015; 6:59:09 AM -0400 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2015-1061 |
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. Published: March 12, 2015; 6:59:05 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-1067 |
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. Published: March 10, 2015; 9:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8839 |
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Published: January 30, 2015; 6:59:48 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8838 |
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. Published: January 30, 2015; 6:59:47 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8837 |
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Published: January 30, 2015; 6:59:46 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-8836 |
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. Published: January 30, 2015; 6:59:45 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-8833 |
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. Published: January 30, 2015; 6:59:43 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-8832 |
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. Published: January 30, 2015; 6:59:42 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-8831 |
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. Published: January 30, 2015; 6:59:41 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8830 |
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. Published: January 30, 2015; 6:59:40 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-8829 |
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. Published: January 30, 2015; 6:59:39 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |