Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2015-10-09 CVE-2015-5901 Information Exposure vulnerability in Apple mac OS X
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
local
low complexity
apple CWE-200
2.1
2015-10-09 CVE-2015-5900 7PK - Security Features vulnerability in Apple mac OS X
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
network
apple CWE-254
7.1
2015-10-09 CVE-2015-5897 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
local
low complexity
apple CWE-264
4.6
2015-10-09 CVE-2015-5894 Code vulnerability in Apple mac OS X
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
network
apple CWE-17
4.3
2015-10-09 CVE-2015-5893 Information Exposure vulnerability in Apple mac OS X
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
local
low complexity
apple CWE-200
2.1
2015-10-09 CVE-2015-5891 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2015-10-09 CVE-2015-5890 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
local
low complexity
apple CWE-119
7.2
2015-10-09 CVE-2015-5889 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
local
low complexity
apple CWE-264
7.2
2015-10-09 CVE-2015-5888 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
local
low complexity
apple CWE-264
7.2
2015-10-09 CVE-2015-5887 Code vulnerability in Apple mac OS X
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
network
low complexity
apple CWE-17
critical
10.0