Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2015-04-10 CVE-2015-1147 Information Exposure vulnerability in Apple mac OS X
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
apple CWE-200
5.0
2015-04-10 CVE-2015-1146 Cryptographic Issues vulnerability in Apple mac OS X
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
local
apple CWE-310
1.9
2015-04-10 CVE-2015-1145 Cryptographic Issues vulnerability in Apple mac OS X
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
local
apple CWE-310
1.9
2015-04-10 CVE-2015-1144 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
local
low complexity
apple CWE-119
7.2
2015-04-10 CVE-2015-1143 Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
local
low complexity
apple
7.2
2015-04-10 CVE-2015-1142 Improper Input Validation vulnerability in Apple mac OS X
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
local
low complexity
apple CWE-20
2.1
2015-04-10 CVE-2015-1141 Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
local
low complexity
apple
4.9
2015-04-10 CVE-2015-1140 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2015-04-10 CVE-2015-1139 Improper Input Validation vulnerability in Apple mac OS X
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
network
apple CWE-20
6.8
2015-04-10 CVE-2015-1138 Improper Input Validation vulnerability in Apple mac OS X
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
local
low complexity
apple CWE-20
4.9