Vulnerabilities > Apple > MAC OS X > 10.7.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-25 | CVE-2014-8146 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. | 7.5 |
| 2015-05-21 | CVE-2015-4000 | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 3.7 |
| 2015-04-24 | CVE-2015-3143 | Permissions, Privileges, and Access Controls vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | 5.0 |
| 2015-04-10 | CVE-2015-1148 | Information Exposure vulnerability in Apple mac OS X Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | 5.0 |
| 2015-04-10 | CVE-2015-1147 | Information Exposure vulnerability in Apple mac OS X Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
| 2015-04-10 | CVE-2015-1146 | Cryptographic Issues vulnerability in Apple mac OS X The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | 1.9 |
| 2015-04-10 | CVE-2015-1145 | Cryptographic Issues vulnerability in Apple mac OS X The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | 1.9 |
| 2015-04-10 | CVE-2015-1144 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | 7.2 |
| 2015-04-10 | CVE-2015-1143 | Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3 LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. | 7.2 |
| 2015-04-10 | CVE-2015-1142 | Improper Input Validation vulnerability in Apple mac OS X LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | 2.1 |