Vulnerabilities > Apple > MAC OS X > 10.10.0

DATE CVE VULNERABILITY TITLE RISK
2015-07-03 CVE-2015-3697 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
local
low complexity
apple CWE-119
7.2
2015-07-03 CVE-2015-3696 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
local
low complexity
apple CWE-119
7.2
2015-07-03 CVE-2015-3695 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
local
low complexity
apple CWE-119
7.2
2015-07-03 CVE-2015-3694 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3693 7PK - Security Features vulnerability in Apple mac OS X
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
network
apple CWE-254
critical
9.3
2015-07-03 CVE-2015-3692 Improper Access Control vulnerability in Apple mac OS X
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
local
low complexity
apple CWE-284
6.8
2015-07-03 CVE-2015-3691 Improper Access Control vulnerability in Apple mac OS X
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
network
apple CWE-284
critical
9.3
2015-07-03 CVE-2015-3690 Information Exposure vulnerability in Apple Iphone OS and mac OS X
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
network
apple CWE-200
4.3
2015-07-03 CVE-2015-3689 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3688 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
network
apple CWE-119
6.8