Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-08-19 CVE-2014-3522 Improper Validation of Certificate With Host Mismatch vulnerability in multiple products
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
network
high complexity
apache opensuse canonical apple CWE-297
4.0
2014-08-19 CVE-2014-5333 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Air, Adobe AIR SDK and Flash Player
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character.
4.3
2014-08-16 CVE-2013-7144 Cryptographic Issues vulnerability in Linecorp Line
LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
4.3
2014-08-14 CVE-2014-1390 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8
2014-08-14 CVE-2014-1389 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8
2014-08-14 CVE-2014-1388 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8
2014-08-14 CVE-2014-1387 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8
2014-08-14 CVE-2014-1386 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8
2014-08-14 CVE-2014-1385 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8
2014-08-14 CVE-2014-1384 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
network
apple CWE-119
6.8