Vulnerabilities > Apple > MAC OS X > Low

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-4499 Information Exposure vulnerability in Apple Mac OS X
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.
local
low complexity
apple CWE-200
2.1
2015-01-30 CVE-2014-8827 Improper Access Control vulnerability in Apple Mac OS X
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
local
low complexity
apple CWE-284
2.1
2015-01-30 CVE-2014-8833 Improper Access Control vulnerability in Apple Mac OS X
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
local
low complexity
apple CWE-284
2.1
2015-01-30 CVE-2014-8834 Information Exposure vulnerability in Apple Mac OS X 10.10.0/10.10.1
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
local
low complexity
apple CWE-200
2.1
2014-12-11 CVE-2014-1595 Information Management Errors vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.
local
low complexity
mozilla apple CWE-199
2.1
2014-11-18 CVE-2014-4460 Information Exposure vulnerability in Apple iPhone OS and Mac OS X
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
local
low complexity
apple CWE-200
2.1
2014-10-18 CVE-2014-4431 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
local
low complexity
apple CWE-264
2.1
2014-10-18 CVE-2014-4440 Information Exposure vulnerability in Apple Mac OS X
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.
network
high complexity
apple CWE-200
2.6
2014-10-15 CVE-2014-3566 Cryptographic Issues vulnerability in multiple products
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
3.4
2014-09-19 CVE-2014-4403 Information Exposure vulnerability in Apple Mac OS X
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.
local
low complexity
apple CWE-200
2.1