Search Results

Search Parameters:
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
There are 1,935 matching records.
Displaying matches 1,641 through 1,660.
Vuln ID Summary CVSS Severity
CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

Published: November 18, 2014; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

Published: November 18, 2014; 6:59:06 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4458

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.

Published: November 18, 2014; 6:59:05 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

Published: November 18, 2014; 6:59:02 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Published: November 04, 2014; 11:55:06 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4444

SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2014-4443

Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2014-4442

The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2014-4441

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4440

The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2014-4439

Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4438

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-4437

LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4436

IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4435

The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2014-4434

The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2014-4433

Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-4432

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2014-4431

Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-4430

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.

Published: October 17, 2014; 9:55:13 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM