Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-05-22 CVE-2014-1330 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
network
apple CWE-119
6.8
2014-05-22 CVE-2014-1329 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
network
apple CWE-119
6.8
2014-05-22 CVE-2014-1327 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
network
apple CWE-119
6.8
2014-05-22 CVE-2014-1326 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
network
apple CWE-119
6.8
2014-05-22 CVE-2014-1324 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
network
apple CWE-119
6.8
2014-05-22 CVE-2014-1323 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
network
apple CWE-119
6.8
2014-05-19 CVE-2013-7040 Cryptographic Issues vulnerability in multiple products
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
network
apple python CWE-310
4.3
2014-05-18 CVE-2014-1347 Permissions, Privileges, and Access Controls vulnerability in Apple Itunes
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
local
apple CWE-264
4.4
2014-05-14 CVE-2014-0521 Information Exposure vulnerability in Adobe Acrobat and Acrobat Reader
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.
4.3
2014-04-23 CVE-2014-1322 Information Exposure vulnerability in Apple mac OS X
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
local
low complexity
apple CWE-200
4.9