Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2014-11-18 CVE-2014-4452 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. 		5.4
5.4
2014-11-18 CVE-2014-4451 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
local
low complexity
apple CWE-264
7.2
7.2
2014-11-17 CVE-2014-8517 Command Injection vulnerability in multiple products
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
network
low complexity
apple netbsd CWE-77
7.5
7.5
2014-11-15 CVE-2014-3707 Information Exposure vulnerability in multiple products
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. 		4.3
4.3
2014-11-11 CVE-2014-8442 Permissions, Privileges, and Access Controls vulnerability in Adobe products
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.
network
low complexity
adobe apple microsoft linux CWE-264
7.5
7.5
2014-11-11 CVE-2014-8441 Memory Corruption vulnerability in Adobe Flash Player and AIR
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10
2014-11-11 CVE-2014-8440 Memory Corruption vulnerability in Adobe Flash Player and AIR
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10
2014-11-11 CVE-2014-8438 Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10
2014-11-11 CVE-2014-8437 Information Exposure vulnerability in Adobe products
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors.
network
low complexity
adobe apple microsoft linux CWE-200
5.0
5.0
2014-11-11 CVE-2014-0590 Type Confusion Remote Code Execution vulnerability in Adobe Flash Player and AIR
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586.
network
low complexity
adobe apple microsoft linux
critical
 10.0
10