Apple: >> Mac Os X >> 10.1.5 Security Vulnerabilities
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
CVSS Score
6.8
EPSS Score
0.014
Published
2015-07-03
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
CVSS Score
9.3
EPSS Score
0.012
Published
2015-07-03
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-07-03
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
CVSS Score
6.9
EPSS Score
0.0
Published
2015-07-03
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-07-03
The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS Score
9.3
EPSS Score
0.022
Published
2015-07-03
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack.
CVSS Score
8.8
EPSS Score
0.005
Published
2015-07-03
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.
CVSS Score
9.3
EPSS Score
0.015
Published
2015-07-03
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.
CVSS Score
9.3
EPSS Score
0.015
Published
2015-07-03
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
9.3
EPSS Score
0.379
Published
2015-07-03