Apple : Security Vulnerabilities, CVEs, Published In 2014 (Information Leak) CVSS score >= 5

CVE-2014-8452

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
5.0
EPSS Score
1.18%
Published
2014-12-10
Updated
2014-12-12

CVE-2014-8451

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448.
Max CVSS
5.0
EPSS Score
6.40%
Published
2014-12-10
Updated
2014-12-12

CVE-2014-8448

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
Max CVSS
5.0
EPSS Score
6.40%
Published
2014-12-10
Updated
2014-12-12

CVE-2014-4458

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.65%
Published
2014-11-18
Updated
2017-08-29

CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.69%
Published
2014-11-18
Updated
2017-08-29

CVE-2014-4362

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-09-18
Updated
2017-08-29

CVE-2014-4361

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-09-18
Updated
2017-08-29

CVE-2014-1361

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.
Max CVSS
5.0
EPSS Score
0.57%
Published
2014-07-01
Updated
2019-03-08
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close