Vulnerabilities > Apple > MAC OS X > 10.10.0

DATE CVE VULNERABILITY TITLE RISK
2015-04-10 CVE-2015-1117 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
local
apple CWE-264
6.9
2015-04-10 CVE-2015-1105 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
network
low complexity
apple CWE-20
5.0
2015-04-10 CVE-2015-1104 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
network
low complexity
apple CWE-20
5.0
2015-04-10 CVE-2015-1103 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
network
low complexity
apple CWE-20
7.5
2015-04-10 CVE-2015-1102 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
network
apple CWE-20
7.1
2015-04-10 CVE-2015-1101 Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
apple
6.9
2015-04-10 CVE-2015-1100 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
local
apple CWE-119
5.4
2015-04-10 CVE-2015-1099 Race Condition vulnerability in Apple Iphone OS, mac OS X and Tvos
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
local
high complexity
apple CWE-362
4.0
2015-04-10 CVE-2015-1098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
network
apple CWE-119
6.8
2015-04-10 CVE-2015-1096 Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
local
apple CWE-200
1.9