Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2014-11-18 CVE-2014-4461 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
network
apple CWE-20
critical
9.3
2014-11-18 CVE-2014-4460 Information Exposure vulnerability in Apple Iphone OS and mac OS X
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
local
low complexity
apple CWE-200
2.1
2014-11-18 CVE-2014-4459 Memory Corruption vulnerability in WebKit
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
network
apple
6.8
2014-11-18 CVE-2014-4458 Information Exposure vulnerability in Apple mac OS X
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
apple CWE-200
5.0
2014-11-18 CVE-2014-4453 Information Exposure vulnerability in Apple Iphone OS and mac OS X
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
apple CWE-200
5.0
2014-11-04 CVE-2014-3660 Denial of Service vulnerability in Libxml2 Entities Expansion
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
network
low complexity
xmlsoft apple canonical debian redhat
5.0
2014-10-18 CVE-2014-4444 Improper Authentication vulnerability in Apple mac OS X
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
local
apple CWE-287
4.4
2014-10-18 CVE-2014-4443 Improper Input Validation vulnerability in Apple mac OS X
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
network
low complexity
apple CWE-20
7.8
2014-10-18 CVE-2014-4442 Improper Input Validation vulnerability in Apple mac OS X
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
local
apple CWE-20
4.7
2014-10-18 CVE-2014-4441 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.
network
apple CWE-264
6.8