Vulnerabilities > Apple > MAC OS X > 10.10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-18 | CVE-2014-3613 | Cryptographic Issues vulnerability in multiple products cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | 5.0 |
| 2014-11-18 | CVE-2014-4461 | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 9.3 |
| 2014-11-18 | CVE-2014-4460 | Information Exposure vulnerability in Apple Iphone OS and mac OS X CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | 2.1 |
| 2014-11-18 | CVE-2014-4459 | Memory Corruption vulnerability in WebKit Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. network apple | 6.8 |
| 2014-11-18 | CVE-2014-4458 | Information Exposure vulnerability in Apple mac OS X The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-11-18 | CVE-2014-4453 | Information Exposure vulnerability in Apple Iphone OS and mac OS X Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-11-17 | CVE-2014-8517 | Command Injection vulnerability in multiple products The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 7.5 |
| 2014-11-15 | CVE-2014-3707 | Information Exposure vulnerability in multiple products The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | 4.3 |
| 2014-11-04 | CVE-2014-3660 | Denial of Service vulnerability in Libxml2 Entities Expansion parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 5.0 |
| 2014-10-15 | CVE-2014-3566 | Cryptographic Issues vulnerability in multiple products The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | 3.4 |