Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-09-18 CVE-2014-4374 XML External Entity Information Disclosure vulnerability in Apple Iphone OS and mac OS X
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
apple
5.0
2014-09-18 CVE-2014-4368 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
local
apple CWE-264
6.9
2014-09-18 CVE-2014-4366 Credentials Management vulnerability in Apple Iphone OS
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
network
low complexity
apple CWE-255
5.0
2014-09-18 CVE-2014-4363 Credentials Management vulnerability in Apple Iphone OS and Safari
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
network
low complexity
apple CWE-255
5.0
2014-09-18 CVE-2014-4362 Information Exposure vulnerability in Apple Iphone OS
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
network
low complexity
apple CWE-200
5.0
2014-09-18 CVE-2014-4361 Information Exposure vulnerability in Apple Iphone OS
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
network
low complexity
apple CWE-200
5.0
2014-09-18 CVE-2014-4354 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
low complexity
apple CWE-264
5.8
2014-09-18 CVE-2014-4353 Race Condition vulnerability in Apple Iphone OS
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
network
apple CWE-362
4.3
2014-09-17 CVE-2014-0562 Cross-Site Scripting vulnerability in Adobe Acrobat and Acrobat Reader
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
4.3
2014-08-19 CVE-2014-3528 Credentials Management vulnerability in multiple products
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
network
high complexity
opensuse apache canonical apple redhat CWE-255
4.0