Apple: >> Mac Os X >> 10.7.3 Security Vulnerabilities
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-10-18
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
CVSS Score
6.8
EPSS Score
0.005
Published
2014-10-18
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
CVSS Score
6.9
EPSS Score
0.0
Published
2014-10-18
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-10-18
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.
CVSS Score
2.6
EPSS Score
0.008
Published
2014-10-18
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.
CVSS Score
6.8
EPSS Score
0.007
Published
2014-10-18
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
CVSS Score
4.7
EPSS Score
0.0
Published
2014-10-18
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
CVSS Score
7.8
EPSS Score
0.01
Published
2014-10-18
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
CVSS Score
4.4
EPSS Score
0.001
Published
2014-10-18
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
CVSS Score
6.8
EPSS Score
0.032
Published
2014-10-18