
CVE-2014-4457 – Apple Security Advisory 2014-11-17-1
https://notcve.org/view.php?id=CVE-2014-4457
18 Nov 2014 — The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4461 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4461
18 Nov 2014 — The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. OS X 10.10.2 and Security Update ... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-20: Improper Input Validation

CVE-2014-4462 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4462
18 Nov 2014 — WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-399: Resource Management Errors

CVE-2014-4452 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4452
18 Nov 2014 — WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors

CVE-2014-4455 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4455
18 Nov 2014 — dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. Apple TV 7.0.3 is now ava... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4459 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4459
18 Nov 2014 — Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and ... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html

CVE-2014-4460 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4460
18 Nov 2014 — CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4449 – Apple Security Advisory 2014-10-20-1
https://notcve.org/view.php?id=CVE-2014-4449
21 Oct 2014 — iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. iOS 8.1 is now available and addresses Bluetooth, insuffi... • http://secunia.com/advisories/61825 • CWE-310: Cryptographic Issues

CVE-2014-4448 – Apple Security Advisory 2014-10-20-1
https://notcve.org/view.php?id=CVE-2014-4448
21 Oct 2014 — House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. iOS 8.1 is now available and addresses Bluetooth,... • http://www.securityfocus.com/archive/1/533747 • CWE-310: Cryptographic Issues

CVE-2014-4450 – Apple Security Advisory 2014-10-20-1
https://notcve.org/view.php?id=CVE-2014-4450
21 Oct 2014 — The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. • http://www.securityfocus.com/archive/1/533747 • CWE-255: Credentials Management Errors