Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
Max CVSS
5.0
EPSS Score
0.22%
Published
2015-04-10
Updated
2015-09-17
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
5.0
EPSS Score
0.43%
Published
2015-04-10
Updated
2019-01-31
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
Max CVSS
1.9
EPSS Score
0.19%
Published
2015-04-10
Updated
2019-03-08
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
4.3
EPSS Score
0.34%
Published
2015-04-10
Updated
2017-01-03
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
5.0
EPSS Score
0.38%
Published
2015-04-10
Updated
2017-01-03
5 vulnerabilities found