CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4420 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4420
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a la versión 8 y en Apple TV anterior a 7 no inicializa correctamente memoria, lo que permitiría a atacantes obtener c... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 6.9EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4408 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4408
17 Sep 2014 — The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. La función rt_setgate en el kernel en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales ganar privilegios o causar una denegación de servicio (lectura fuera de rango y caída de dispositivo) a través de una llamada manipulada. Apple TV 7 is now available and addresses wifi credenti... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4371 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4371
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. La interfaz network-statistics en el kernel en Apple iOS anterior a 8 y Apple TV anterior 7 no inicializa correctamente la memoria, lo que permite a atacantes obtener información sensible d... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-665: Improper Initialization •
CVSS: 8.1EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4422 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4422
17 Sep 2014 — The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. El kernel en Apple iOS anterior a 8 y Apple TV anterior a 7 utiliza generadores de números aleatorios predecibles a la primera parte de la porción del proceso de boot, lo que permite a atacantes eludir ciertos m... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4389 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4389
17 Sep 2014 — Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Desbordamiento de enteros en IOKit en Apple iOS anterior a 8 y Apple TV anterior 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee argumentos API manipulados. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4372 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4372
17 Sep 2014 — syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. syslogd en el subsistema syslog en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales cambiar los permisos de ficheros arbitrarios mediante un ataque de enlace simbólico sobre un fichero sin especificar. Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4413 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4413
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de apli... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4375 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4375
17 Sep 2014 — Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. Vulnerabilidad de doble liberación en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales ganar privilegios o causar una denegación de servicio (caída de dispositivo)a través de vectores relacionados con puertos Mach. Apple TV 7 is now available and addresses wifi credential interception, information d... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4410 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4410
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, como el utilizado en Apple iOS anteriores a 8 y Apple TV anteriores a 7, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4388 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4388
17 Sep 2014 — IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. IOKit en Apple iOS anterior a 8 y Apple TV anterior a 7 no valida debidamente los metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en contexto privilegiado a traves de ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •