How severe is CVE-2014-8817?

This vulnerability has a severity rating of HIGH with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2014-8817?

This is classified as CWE-19, which is a common weakness in software security.

CVE-2014-8817 - HIGH Severity | CVSS 10

Vulnerability Description

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.

Related Vulnerabilities

CVE-2012-5357

CRITICAL

CVSS:9.8(Critical)

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE p...

CWE-192012

CVE-2012-5358

CRITICAL

CVSS:9.8(Critical)

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary...

CWE-192012

CVE-2014-10039

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will caus...

CWE-192014

CVE-2014-9693

CRITICAL

CVSS:9.8(Critical)

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R0...

CWE-192014

CVE-2015-3991

CRITICAL

CVSS:9.8(Critical)

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

CWE-192015

CVE-2015-5344

CRITICAL

CVSS:9.8(Critical)

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

CWE-192015