CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4469 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4469
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4465 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4465
04 Dec 2014 — WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. WebKit en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1 permite a atacantes remotos evadir Same Origin Policy a través de secuencias del token CSS (Cascading Style Sheets) dentro de un fichero SVG en el atributo SRC de un elemento IM... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4468 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4468
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4472 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4472
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0CVE-2014-4466 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4466
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4471 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4471
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.xanterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción ... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4451 – Apple Security Advisory 2014-11-17-1
https://notcve.org/view.php?id=CVE-2014-4451
18 Nov 2014 — Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. Apple iOS anterior a 8.1.1 no aplica correctamente el límite de contraseñas erróneas, lo que facilita a atacantes físicamente próximos eludir el mecanismo de bloqueo de pantalla a través de una serie de conjeturas. iOS 8.1.1 is now available and addresses code execution and various other security flaws. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 90EXPL: 0CVE-2014-4453 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4453
18 Nov 2014 — Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 incluiye datos de localización durante el establecimiento de una conexión en el servidor de Spotlight Suggestions por Spotlight o Safari, lo que podría permitir a atacantes remotos obtener información sensibl... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4463 – Apple Security Advisory 2014-11-17-1
https://notcve.org/view.php?id=CVE-2014-4463
18 Nov 2014 — Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. Apple iOS anterior a 8.1.1 permite a atacantes físicamente cercanos saltarse el mecanismo de bloqueo de la pantalla, y ver o transmitir una foto en 'Photo Library' a través de una característica de FaceTime 'Leave a Message'. iOS 8.1.1 is now available and addresses code execution and various other security flaws. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4457 – Apple Security Advisory 2014-11-17-1
https://notcve.org/view.php?id=CVE-2014-4457
18 Nov 2014 — The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. El subsistema Sandbox Profiles en Apple iOS anterior a 8.1.1 no implementa debidamente el sandbox debugserver, lo cual permite a atacantes evadir las restricciones destinadas a la ejecución de binarios a través de una aplicación manipulada ... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •