Vulnerabilities > Apple > MAC OS X > 10.5.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-18 | CVE-2014-4453 | Information Exposure vulnerability in Apple iPhone OS and Mac OS X: Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2014-11-04 | CVE-2014-3660 | Denial of Service vulnerability in Libxml2 Entities Expansion: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 5.0 |
2014-10-18 | CVE-2014-4444 | Improper Authentication vulnerability in Apple Mac OS X: SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | 4.4 |
2014-10-18 | CVE-2014-4443 | Improper Input Validation vulnerability in Apple Mac OS X: Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. | 7.8 |
2014-10-18 | CVE-2014-4442 | Improper Input Validation vulnerability in Apple Mac OS X: The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. | 4.7 |
2014-10-18 | CVE-2014-4441 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | 6.8 |
2014-10-18 | CVE-2014-4440 | Information Exposure vulnerability in Apple Mac OS X: The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | 2.6 |
2014-10-18 | CVE-2014-4439 | Information Exposure vulnerability in Apple Mac OS X: Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. | 4.3 |
2014-10-18 | CVE-2014-4438 | Race Condition vulnerability in Apple Mac OS X: Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. | 6.9 |
2014-10-18 | CVE-2014-4437 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. | 6.8 |