Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2015-07-03 CVE-2015-3678 Command Injection vulnerability in Apple mac OS X
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands.
local
low complexity
apple CWE-77
7.2
2015-07-03 CVE-2015-3677 Information Exposure vulnerability in Apple mac OS X
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
network
apple CWE-200
4.3
2015-07-03 CVE-2015-3676 Information Exposure vulnerability in Apple mac OS X
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app.
network
apple CWE-200
4.3
2015-07-03 CVE-2015-3675 Improper Access Control vulnerability in Apple mac OS X
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
network
low complexity
apple CWE-284
5.0
2015-07-03 CVE-2015-3674 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
apple CWE-119
7.5
2015-07-03 CVE-2015-3673 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
local
low complexity
apple CWE-264
7.2
2015-07-03 CVE-2015-3672 Improper Access Control vulnerability in Apple mac OS X
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
local
low complexity
apple CWE-284
7.2
2015-07-03 CVE-2015-3671 Improper Access Control vulnerability in Apple mac OS X
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
local
low complexity
apple CWE-284
7.2
2015-07-03 CVE-2015-3669 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Quicktime
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3668 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Quicktime
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3667.
network
apple CWE-119
6.8