Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-1098 6.8
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
27-09-2019 - 18:42 10-04-2015 - 14:59
CVE-2014-0117 4.3
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. Per vendor advisory http://httpd.apa
15-08-2019 - 09:15 20-07-2014 - 11:12
CVE-2014-4380 9.3
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2014-4405 9.3
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. <a hre
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2014-4404 9.3
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
08-03-2019 - 16:06 18-09-2014 - 10:55
CVE-2015-1099 4.0
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1069 6.8
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera
08-03-2019 - 16:06 18-03-2015 - 22:59
CVE-2015-1100 5.4
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1104 5.0
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism v
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1103 7.5
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1067 4.3
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via c
08-03-2019 - 16:06 11-03-2015 - 01:59
CVE-2015-1117 6.9
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1096 1.9
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1118 5.0
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1101 6.9
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1105 5.0
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via c
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1095 7.2
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1102 7.1
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
08-03-2019 - 16:06 10-04-2015 - 14:59
CVE-2015-1139 6.8
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
31-01-2019 - 19:48 10-04-2015 - 14:59
CVE-2015-1137 7.2
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. <a href="http://cwe.mitre.org/data/definitions/476.htm
31-01-2019 - 19:48 10-04-2015 - 14:59
CVE-2015-1135 7.2
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
31-01-2019 - 19:46 10-04-2015 - 14:59
CVE-2015-1136 6.8
Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. <a href="http://cwe.mitre.org/data/definitions/416.html" rel="nofollow">CWE-416: Use A
31-01-2019 - 19:46 10-04-2015 - 14:59
CVE-2015-1133 7.2
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
31-01-2019 - 19:45 10-04-2015 - 14:59
CVE-2015-1132 10.0
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
31-01-2019 - 19:45 10-04-2015 - 14:59
CVE-2015-1134 7.2
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
31-01-2019 - 19:45 10-04-2015 - 14:59
CVE-2015-1131 7.2
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
31-01-2019 - 19:44 10-04-2015 - 14:59
CVE-2015-1140 7.2
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
31-01-2019 - 19:39 10-04-2015 - 14:59
CVE-2015-1145 1.9
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
31-01-2019 - 19:27 10-04-2015 - 14:59
CVE-2015-1143 7.2
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. <a href="http://cwe.mitre.org/data/definitions/843.html" rel="nofollow">CWE-843: Access of Resource
31-01-2019 - 19:27 10-04-2015 - 14:59
CVE-2015-1146 1.9
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
31-01-2019 - 19:25 10-04-2015 - 14:59
CVE-2015-1147 5.0
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
31-01-2019 - 19:24 10-04-2015 - 14:59
CVE-2015-1093 6.8
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
31-01-2019 - 19:11 10-04-2015 - 14:59
CVE-2013-6712 5.0
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte
30-10-2018 - 16:27 28-11-2013 - 04:37
CVE-2014-4049 5.1
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns
30-10-2018 - 16:27 18-06-2014 - 19:55
CVE-2015-1546 5.0
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. <a href="http://cwe.mitre.org/d
30-10-2018 - 16:27 12-02-2015 - 16:59
CVE-2014-0231 5.0
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
30-10-2018 - 16:25 20-07-2014 - 11:12
CVE-2014-0098 5.0
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handl
09-10-2018 - 19:35 18-03-2014 - 05:18
CVE-2013-6438 5.0
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) v
09-10-2018 - 19:34 18-03-2014 - 05:18
CVE-2015-0204 4.3
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak
19-07-2018 - 01:29 09-01-2015 - 02:59
CVE-2014-3587 4.3
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a craf
05-01-2018 - 02:29 23-08-2014 - 01:55
CVE-2014-3710 5.0
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and appli
05-01-2018 - 02:29 05-11-2014 - 11:55
CVE-2014-3538 5.0
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. N
05-01-2018 - 02:29 03-07-2014 - 14:55
CVE-2014-0226 6.8
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
09-12-2017 - 02:29 20-07-2014 - 11:12
CVE-2014-0118 4.3
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req
09-12-2017 - 02:29 20-07-2014 - 11:12
CVE-2014-8275 5.0
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted
15-11-2017 - 02:29 09-01-2015 - 02:59
CVE-2014-3569 5.0
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon c
15-11-2017 - 02:29 24-12-2014 - 11:59
CVE-2014-3572 5.0
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerK
15-11-2017 - 02:29 09-01-2015 - 02:59
CVE-2014-3570 5.0
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms
15-11-2017 - 02:29 09-01-2015 - 02:59
CVE-2014-3571 5.0
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation fo
20-10-2017 - 01:29 09-01-2015 - 02:59
CVE-2014-8830 6.8
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.
08-09-2017 - 01:29 30-01-2015 - 11:59
CVE-2015-1545 5.0
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search requ
08-09-2017 - 01:29 12-02-2015 - 16:59
CVE-2014-3597 6.8
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS re
07-01-2017 - 03:00 23-08-2014 - 01:55
CVE-2014-3981 3.3
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
07-01-2017 - 03:00 08-06-2014 - 18:55
CVE-2014-4698 4.6
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio
07-01-2017 - 03:00 10-07-2014 - 11:06
CVE-2014-4670 4.6
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications i
07-01-2017 - 03:00 10-07-2014 - 11:06
CVE-2013-5704 5.0
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s
07-01-2017 - 02:59 15-04-2014 - 10:55
CVE-2014-2497 4.3
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
07-01-2017 - 02:59 21-03-2014 - 14:55
CVE-2014-0237 5.0
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
07-01-2017 - 02:59 01-06-2014 - 04:29
CVE-2014-0238 5.0
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero len
07-01-2017 - 02:59 01-06-2014 - 04:29
CVE-2014-3669 7.5
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary
03-01-2017 - 02:59 29-10-2014 - 10:55
CVE-2015-1089 5.0
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
03-01-2017 - 02:59 10-04-2015 - 14:59
CVE-2015-1091 4.3
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a craf
03-01-2017 - 02:59 10-04-2015 - 14:59
CVE-2015-1088 6.8
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
03-01-2017 - 02:59 10-04-2015 - 14:59
CVE-2014-3478 5.0
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal
28-11-2016 - 19:11 09-07-2014 - 11:07
CVE-2014-3479 4.3
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (appli
28-11-2016 - 19:11 09-07-2014 - 11:07
CVE-2014-3480 4.3
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (appli
28-11-2016 - 19:11 09-07-2014 - 11:07
CVE-2014-3487 4.3
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (applicati
28-11-2016 - 19:11 09-07-2014 - 11:07
CVE-2014-0207 4.3
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a craft
28-11-2016 - 19:10 09-07-2014 - 11:07
CVE-2014-5120 6.4
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1)
26-10-2016 - 02:00 23-08-2014 - 01:55
CVE-2014-3670 6.8
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory
18-10-2016 - 03:44 29-10-2014 - 10:55
CVE-2014-3668 5.0
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (app
18-10-2016 - 03:44 29-10-2014 - 10:55
CVE-2015-1148 5.0
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
17-09-2015 - 18:43 10-04-2015 - 14:59
CVE-2015-1144 7.2
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
17-09-2015 - 18:42 10-04-2015 - 14:59
CVE-2015-1142 2.1
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
17-09-2015 - 18:39 10-04-2015 - 14:59
CVE-2015-1141 4.9
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
17-09-2015 - 18:39 10-04-2015 - 14:59
CVE-2015-1138 4.9
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
17-09-2015 - 17:47 10-04-2015 - 14:59
CVE-2015-1130 7.2
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
17-09-2015 - 17:41 10-04-2015 - 14:59
Back to Top Mark selected
Back to Top