Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2015-10-23 CVE-2015-7017 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
network
low complexity
apple CWE-119
7.5
2015-10-23 CVE-2015-6992 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
network
low complexity
apple CWE-119
7.5
2015-10-23 CVE-2015-6975 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
network
low complexity
apple CWE-119
7.5
2015-10-09 CVE-2015-7761 Information Exposure vulnerability in Apple mac OS X
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
network
low complexity
apple CWE-200
5.0
2015-10-09 CVE-2015-7760 Resource Management Errors vulnerability in Apple mac OS X
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761.
network
low complexity
apple CWE-399
5.0
2015-10-09 CVE-2015-5922 Memory Corruption vulnerability in ICU
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
network
low complexity
apple icu-project
critical
10.0
2015-10-09 CVE-2015-5915 Code vulnerability in Apple mac OS X
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
network
low complexity
apple CWE-17
5.0
2015-10-09 CVE-2015-5914 Code vulnerability in Apple mac OS X
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue.
local
apple CWE-17
4.7
2015-10-09 CVE-2015-5913 Improper Access Control vulnerability in Apple mac OS X
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
network
apple CWE-284
6.8
2015-10-09 CVE-2015-5902 Multiple Security vulnerability in Apple Mac OS X Prior to 10.11
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
local
low complexity
apple
4.9