Apple: >> Mac Os X >> 10.10.3 Security Vulnerabilities
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-08-16
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
CVSS Score
6.8
EPSS Score
0.02
Published
2015-08-16
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-08-16
The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-08-16
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.0
Published
2015-08-16
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.034
Published
2015-08-16
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-08-16
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
CVSS Score
7.5
EPSS Score
0.007
Published
2015-08-16
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVSS Score
5.0
EPSS Score
0.049
Published
2015-08-14
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.
CVSS Score
4.9
EPSS Score
0.001
Published
2015-07-29