CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4455 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4455
18 Nov 2014 — dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. dyld en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2 no gestiona correctamente los segmentos superpuestos en archivos ejecutables de Mach-O lo que permite a usuarios locales eludir las restricciones de la firma de código a través de un archivo manipulado. Apple TV 7.0.3 is now ava... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 10%CPEs: 7EXPL: 0CVE-2014-4459 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4459
18 Nov 2014 — Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Una vulnerabilidad de uso después de liberación en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar código arbitrario a través de objetos de página en un documento HTML. Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and ... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4461 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4461
18 Nov 2014 — The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. El kernel en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2, no valida correctamente los metadatos del objeto IOSharedDataQueue, lo que permite a atacantes ejecutar código remoto en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update ... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2014-4462 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4462
18 Nov 2014 — WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. WebKit, usado en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de un sitio web manipulado,... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 4%CPEs: 11EXPL: 0CVE-2014-3192 – chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3192
08 Oct 2014 — Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función ProcessingInstruction::setXSLStyleSheet en core/dom/ProcessingInstruction.cpp en la implementación DOM en Blink, utilizado en Google... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4357 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4357
17 Sep 2014 — Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. Accounts Framework en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes obtener información sensible mediante la lectura de datos de log que no tenían previsto estar presente en un registro. Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code execution, and various ot... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4381 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4381
17 Sep 2014 — Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. Libnotify en Apple iOS anterior a 8 y Apple TV anterior a 7 carece de comprobadores de límites adecuados en las operaciones de escritura, lo que permite a atacantes ejecutar código como root a través de una aplicación manipulada. OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code exec... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.6EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4364 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4364
17 Sep 2014 — The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. El subsistema 802.1X en Apple iOS anterior a 8 y Apple TV anterior a 7 no requiere métodos de autenticación fuertes, lo que permite a atacantes remotos calcular las credenciales mediante el ofrecimiento de la autentic... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4418 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4418
17 Sep 2014 — IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. IOKit en Apple iOS anterior a 8 y Apple TV anterior a 7 no valida debidamente los metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a traves ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4419 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4419
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a 8 y Apple TV anterior a 7, no inicializa correctamente memoria, lo que permitiría a atacantes obtener contenido sens... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •