Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-10 | CVE-2015-1093 | Multiple Security vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. network apple | 6.8 |
| 2015-04-10 | CVE-2015-1092 | Information Disclosure vulnerability in Apple Iphone OS and Tvos NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2015-04-10 | CVE-2015-1091 | Information Exposure vulnerability in Apple Iphone OS and mac OS X The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 4.3 |
| 2015-04-10 | CVE-2015-1090 | Information Exposure vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 5.0 |
| 2015-04-10 | CVE-2015-1089 | Information Exposure vulnerability in Apple Iphone OS and mac OS X CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 5.0 |
| 2015-04-10 | CVE-2015-1088 | Improper Input Validation vulnerability in Apple Iphone OS and mac OS X CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
| 2015-04-10 | CVE-2015-1086 | Improper Input Validation vulnerability in Apple Iphone OS and Tvos The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 6.9 |
| 2015-04-10 | CVE-2013-7436 | Cryptographic Issues vulnerability in Kanaka Novnc 0.4 noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 4.3 |
| 2015-04-08 | CVE-2015-3030 | Information Exposure vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14 The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | 4.0 |
| 2015-04-08 | CVE-2015-3029 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14 The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |