Vulnerabilities in Apple Mac OS X 10.9.5

DATE CVE VULNERABILITY TITLE RISK
2014-10-18 CVE-2014-4440 Information Exposure vulnerability in Apple Mac OS X
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.
network
high complexity
apple CWE-200
2.6
2014-10-18 CVE-2014-4439 Information Exposure vulnerability in Apple Mac OS X
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.
network
apple CWE-200
4.3
2014-10-18 CVE-2014-4438 Race Condition vulnerability in Apple Mac OS X
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
local
apple CWE-362
6.9
2014-10-18 CVE-2014-4437 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
network
apple CWE-264
6.8
2014-10-18 CVE-2014-4436 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause a denial of service (out-of-bounds read operation) via a crafted application.
network
apple CWE-119
4.3
2014-10-18 CVE-2014-4435 Improper Authentication vulnerability in Apple Mac OS X
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.
local
apple CWE-287
4.4
2014-10-18 CVE-2014-4434 Improper Input Validation vulnerability in Apple Mac OS X
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.
local
low complexity
apple CWE-20
4.9
2014-10-18 CVE-2014-4433 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
local
low complexity
apple CWE-119
7.2
2014-10-18 CVE-2014-4432 Cryptographic Issues vulnerability in Apple Mac OS X
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.
local
apple CWE-310
4.7
2014-10-18 CVE-2014-4431 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
local
low complexity
apple CWE-264
2.1