Vulnerabilities > Apple > MAC OS X > 10.9.5

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-8837 Unspecified vulnerability in Apple mac OS X
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
network
apple
critical
9.3
2015-01-30 CVE-2014-8836 Improper Input Validation vulnerability in Apple mac OS X
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.
network
low complexity
apple CWE-20
critical
10.0
2015-01-30 CVE-2014-8833 Improper Access Control vulnerability in Apple mac OS X
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
local
low complexity
apple CWE-284
2.1
2015-01-30 CVE-2014-8832 Information Exposure vulnerability in Apple mac OS X
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
local
low complexity
apple CWE-200
4.9
2015-01-30 CVE-2014-8831 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.
network
low complexity
apple CWE-264
5.0
2015-01-30 CVE-2014-8830 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-8829 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
network
low complexity
apple CWE-119
7.5
2015-01-30 CVE-2014-8828 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
network
low complexity
apple CWE-264
7.5
2015-01-30 CVE-2014-8827 Improper Access Control vulnerability in Apple mac OS X
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
local
low complexity
apple CWE-284
2.1
2015-01-30 CVE-2014-8826 Data Processing Errors vulnerability in Apple mac OS X
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
network
low complexity
apple CWE-19
5.0