CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
Max CVSS
2.1
EPSS Score
0.06%
Published
2014-11-18
Updated
2017-08-29
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.65%
Published
2014-11-18
Updated
2017-08-29
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.69%
Published
2014-11-18
Updated
2017-08-29
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Max CVSS
4.3
EPSS Score
0.30%
Published
2014-11-15
Updated
2018-10-30
4 vulnerabilities found