Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0581 |
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441. Published: November 11, 2014; 6:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0577 |
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. Published: November 11, 2014; 6:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0576 |
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441. Published: November 11, 2014; 6:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0574 |
Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. Published: November 11, 2014; 6:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0573 |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. Published: November 11, 2014; 6:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-3660 |
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. Published: November 04, 2014; 11:55:06 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4444 |
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-4443 |
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-4442 |
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-4441 |
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4440 |
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2014-4439 |
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4438 |
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-4437 |
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4436 |
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4435 |
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-4434 |
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-4433 |
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-4432 |
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-4431 |
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. Published: October 17, 2014; 9:55:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |