CVE-2014-4437
- EPSS 0.46%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
CVE-2014-4438
- EPSS 0.04%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
CVE-2014-4439
- EPSS 0.44%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exc...
CVE-2014-4440
- EPSS 0.84%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by lever...
CVE-2014-4441
- EPSS 0.67%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.
CVE-2014-4442
- EPSS 0.05%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
CVE-2014-4443
- EPSS 0.98%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
CVE-2014-4444
- EPSS 0.06%
- Published 18.10.2014 01:55:13
- Last modified 12.04.2025 10:46:40
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
CVE-2014-4351
- EPSS 3.21%
- Published 18.10.2014 01:55:12
- Last modified 12.04.2025 10:46:40
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
CVE-2014-4391
- EPSS 1.07%
- Published 18.10.2014 01:55:12
- Last modified 12.04.2025 10:46:40
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.