Vulnerabilities > Apple > MAC OS X > 10.3

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-8829 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
network
low complexity
apple CWE-119
7.5
2015-01-30 CVE-2014-8828 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
network
low complexity
apple CWE-264
7.5
2015-01-30 CVE-2014-8827 Improper Access Control vulnerability in Apple mac OS X
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
local
low complexity
apple CWE-284
2.1
2015-01-30 CVE-2014-8826 Data Processing Errors vulnerability in Apple mac OS X
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
network
low complexity
apple CWE-19
5.0
2015-01-30 CVE-2014-8825 Improper Input Validation vulnerability in Apple mac OS X
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.
local
low complexity
apple CWE-20
7.2
2015-01-30 CVE-2014-8824 Improper Input Validation vulnerability in Apple mac OS X
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-20
critical
10.0
2015-01-30 CVE-2014-8823 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.
local
apple CWE-264
4.7
2015-01-30 CVE-2014-8822 Data Processing Errors vulnerability in Apple mac OS X
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.
network
low complexity
apple CWE-19
critical
10.0
2015-01-30 CVE-2014-8821 Unspecified vulnerability in Apple mac OS X
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.
local
low complexity
apple
7.2
2015-01-30 CVE-2014-8820 Unspecified vulnerability in Apple mac OS X
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.
local
low complexity
apple
7.2