Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS: 5.0; EPSS Score: 1.18%; Published: 2014-12-10; Updated: 2014-12-12

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448.
Max CVSS: 5.0; EPSS Score: 6.40%; Published: 2014-12-10; Updated: 2014-12-12

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
Max CVSS: 5.0; EPSS Score: 6.40%; Published: 2014-12-10; Updated: 2014-12-12

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS: 5.0; EPSS Score: 0.65%; Published: 2014-11-18; Updated: 2017-08-29

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS: 5.0; EPSS Score: 0.69%; Published: 2014-11-18; Updated: 2017-08-29

Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.
Max CVSS: 4.3; EPSS Score: 0.46%; Published: 2014-10-18; Updated: 2017-08-29

AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
Max CVSS: 4.3; EPSS Score: 0.60%; Published: 2014-10-18; Updated: 2017-08-29

WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
Max CVSS: 4.3; EPSS Score: 0.49%; Published: 2014-09-18; Updated: 2017-08-29

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
Max CVSS: 4.3; EPSS Score: 0.15%; Published: 2014-09-18; Updated: 2019-03-08

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
Max CVSS: 5.0; EPSS Score: 0.31%; Published: 2014-09-18; Updated: 2017-08-29

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
Max CVSS: 5.0; EPSS Score: 0.31%; Published: 2014-09-18; Updated: 2017-08-29

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Max CVSS: 4.3; EPSS Score: 0.30%; Published: 2014-11-15; Updated: 2018-10-30

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.
Max CVSS: 5.0; EPSS Score: 0.57%; Published: 2014-07-01; Updated: 2019-03-08

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
Max CVSS: 4.9; EPSS Score: 0.05%; Published: 2014-04-23; Updated: 2014-04-24

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
Max CVSS: 4.9; EPSS Score: 2.97%; Published: 2014-04-23; Updated: 2019-03-08

15 vulnerabilities found