Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2015-04-10 CVE-2015-1093 Multiple Security vulnerability in Apple Iphone OS and mac OS X
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
network
apple
6.8
2015-04-10 CVE-2015-1091 Information Exposure vulnerability in Apple Iphone OS and mac OS X
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
apple CWE-200
4.3
2015-04-10 CVE-2015-1089 Information Exposure vulnerability in Apple Iphone OS and mac OS X
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
apple CWE-200
5.0
2015-04-10 CVE-2015-1088 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
network
apple CWE-20
6.8
2015-03-30 CVE-2015-2787 Remote Code Execution vulnerability in PHP
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
network
low complexity
php apple redhat opensuse
7.5
2015-03-18 CVE-2015-1069 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
network
apple CWE-399
6.8
2015-03-12 CVE-2015-1066 Numeric Errors vulnerability in Apple mac OS X
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-189
critical
10.0
2015-03-12 CVE-2015-1065 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
5.4
2015-03-12 CVE-2015-1061 Code Injection vulnerability in Apple Iphone OS, mac OS X and Tvos
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
network
apple CWE-94
critical
9.3
2015-03-11 CVE-2015-1067 Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Tvos
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.
network
apple CWE-310
4.3