Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.4.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3766 |
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. Published: August 16, 2015; 7:59:39 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3765 |
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. Published: August 16, 2015; 7:59:38 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3764 |
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. Published: August 16, 2015; 7:59:37 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3762 |
The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: August 16, 2015; 7:59:35 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3761 |
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. Published: August 16, 2015; 7:59:34 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-3760 |
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. Published: August 16, 2015; 7:59:33 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-3757 |
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. Published: August 16, 2015; 7:59:30 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-7422 |
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Published: August 16, 2015; 7:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1819 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Published: August 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5523 |
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Published: August 11, 2015; 10:59:15 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5522 |
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Published: August 11, 2015; 10:59:14 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3727 |
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. Published: July 02, 2015; 10:00:17 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3721 |
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. Published: July 02, 2015; 10:00:12 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3720 |
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. Published: July 02, 2015; 10:00:11 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3719 |
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. Published: July 02, 2015; 10:00:10 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3718 |
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue. Published: July 02, 2015; 10:00:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3717 |
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Published: July 02, 2015; 10:00:08 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3716 |
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. Published: July 02, 2015; 10:00:08 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2015-3715 |
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. Published: July 02, 2015; 10:00:07 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3714 |
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. Published: July 02, 2015; 10:00:06 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |