Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-11 | CVE-2014-0574 | Code Injection vulnerability in Adobe products. Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-11-11 | CVE-2014-0573 | Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR. Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. | 10.0 |
2014-11-04 | CVE-2014-3660 | Denial of Service vulnerability in Libxml2 Entities Expansion. parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 5.0 |
2014-10-22 | CVE-2014-4450 | Credentials Management vulnerability in Apple iPhone OS. The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | 1.9 |
2014-10-22 | CVE-2014-4449 | Cryptographic Issues vulnerability in Apple iPhone OS. iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
2014-10-22 | CVE-2014-4448 | Cryptographic Issues vulnerability in Apple iPhone OS. House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | 1.9 |
2014-10-18 | CVE-2014-4447 | Cryptographic Issues vulnerability in Apple OS X Server. Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. | 1.9 |
2014-10-18 | CVE-2014-4446 | Permissions, Privileges, and Access Controls vulnerability in Apple OS X Server. Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | 2.1 |
2014-10-18 | CVE-2014-4444 | Improper Authentication vulnerability in Apple Mac OS X. SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | 4.4 |
2014-10-18 | CVE-2014-4443 | Improper Input Validation vulnerability in Apple Mac OS X. Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. | 7.8 |