Apple macOS vulnerabilities

CVE-2014-4481 [MEDIUM] CWE-189 CVE-2014-4481: Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

CVE-2014-8833 [LOW] CWE-284 CVE-2014-8833: SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

CVE-2014-8827 [LOW] CWE-284 CVE-2014-8827: LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately up LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

CVE-2014-4499 [LOW] CWE-200 CVE-2014-4499: The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credenti The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

CVE-2014-8834 [LOW] CWE-200 CVE-2014-8834: UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

CVE-2015-0235 [CRITICAL] CWE-787 CVE-2015-0235: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x ve Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

CVE-2015-0973 [HIGH] CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x b Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

CVE-2014-8151 [MEDIUM] CVE-2014-8151: The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVE-2014-9495 [HIGH] CWE-119 CVE-2014-9495: Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

CVE-2014-9425 [HIGH] CVE-2014-9425: Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zen Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2014-3583 [MEDIUM] CWE-119 CVE-2014-3583: The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Serv The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

CVE-2014-9365 [MEDIUM] CVE-2014-9365: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the

CVE-2014-4461 [CRITICAL] CWE-20 CVE-2014-4461: The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDa The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

CVE-2014-3613 [MEDIUM] CWE-310 CVE-2014-3613: cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which a cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

CVE-2014-4458 [MEDIUM] CWE-200 CVE-2014-4458: The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cook The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.

CVE-2014-4459 [MEDIUM] CVE-2014-4459: Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attacker Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

CVE-2014-4453 [MEDIUM] CWE-200 CVE-2014-4453: Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotl Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

CVE-2014-3620 [MEDIUM] CWE-310 CVE-2014-3620: cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cooki cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

CVE-2014-4460 [LOW] CWE-200 CVE-2014-4460: CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cac CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

CVE-2014-8517 [HIGH] CWE-77 CVE-2014-8517: The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 thr The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.