Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363673 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4434 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. | ||||
| CVE-2014-4435 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. | ||||
| CVE-2014-4436 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. | ||||
| CVE-2014-4437 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. | ||||
| CVE-2014-4438 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. | ||||
| CVE-2014-4439 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. | ||||
| CVE-2014-4440 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | ||||
| CVE-2014-4441 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | ||||
| CVE-2014-4442 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. | ||||
| CVE-2014-4443 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. | ||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | ||||
| CVE-2014-4446 | 1 Apple | 1 Os X Server | 2025-04-12 | N/A |
| Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | ||||
| CVE-2014-4447 | 1 Apple | 1 Os X Server | 2025-04-12 | N/A |
| Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. | ||||
| CVE-2014-4448 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | ||||
| CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-4450 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | ||||
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | ||||
| CVE-2014-4452 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | N/A |
| WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | ||||
| CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-4455 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | ||||