Skip to main content
CVE-2014-4351 MEDIUM This Month

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2014-4391 MEDIUM This Month

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4441 MEDIUM This Month

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-4438 MEDIUM This Month

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4437 MEDIUM This Month

LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-3573 MEDIUM This Month

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Enterprise Virtualization Manager
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-4428 MEDIUM This Month

Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. Rated medium severity (CVSS 5.4). No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
5.4
EPSS
0.9%
CVE-2014-4417 MEDIUM This Month

Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-4434 MEDIUM This Month

The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-4442 MEDIUM This Month

The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. Rated medium severity (CVSS 4.7). No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2014-4432 MEDIUM This Month

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate. Rated medium severity (CVSS 4.7). No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2014-4430 MEDIUM This Month

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data. Rated medium severity (CVSS 4.7). No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2014-4425 MEDIUM This Month

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4435 MEDIUM This Month

The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access. Rated medium severity (CVSS 4.4). No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-4426 MEDIUM This Month

AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-4444 MEDIUM This Month

SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by. Rated medium severity (CVSS 4.4). No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-4436 MEDIUM This Month

IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4439 MEDIUM This Month

Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy