U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
There are 1,926 matching records.
Displaying matches 1,701 through 1,720.
Vuln ID Summary CVSS Severity
CVE-2014-1265

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-1264

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2014-1263

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1262

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1261

Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1260

QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1259

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1258

Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1257

CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2014-1256

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1255

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1254

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1252

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.

Published: January 24, 2014; 10:08:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-6420

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Published: December 16, 2013; 11:46:45 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Published: November 27, 2013; 11:37:39 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5192

The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-5191

The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-5190

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5189

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-5188

The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM