Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2014-02-27 CVE-2014-1255 Improper Input Validation vulnerability in Apple mac OS X
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
network
low complexity
apple CWE-20
7.5
2014-02-27 CVE-2014-1254 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.
network
apple CWE-119
6.8
2014-01-24 CVE-2014-1252 Double Free vulnerability in Apple Iphone OS, mac OS X and Pages
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
network
low complexity
apple CWE-415
7.5
2013-10-04 CVE-2013-5163 Improper Authentication vulnerability in Apple mac OS X
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
local
low complexity
apple CWE-287
6.6
2013-09-19 CVE-2011-2391 Improper Input Validation vulnerability in Apple Iphone OS, Itunes and mac OS X
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
low complexity
apple CWE-20
6.1
2013-09-16 CVE-2013-1033 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.
network
low complexity
apple CWE-264
5.5
2013-09-16 CVE-2013-1032 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and Quicktime
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.
network
apple CWE-119
6.8
2013-09-16 CVE-2013-1031 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
local
apple CWE-264
3.3
2013-09-16 CVE-2013-1030 Information Exposure vulnerability in Apple mac OS X
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
apple CWE-200
2.1
2013-09-16 CVE-2013-1029 Improper Input Validation vulnerability in Apple mac OS X
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
local
low complexity
apple CWE-20
4.9