CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4352 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4352
17 Sep 2014 — Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. Address Book en Apple iOS anterior a 8 depende del hardware UID para esta clave de cifrado, lo que facilita atacantes físicamente próximos obtener información sensible mediante la obtención de este UID iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and va... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4353 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4353
17 Sep 2014 — Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. Condición de carrera en iMessage en Apple iOS anterior a 8 permite a atacantes obtener información sensible mediante el aprovechamiento de la presencia de adjuntos después de la eliminación de su padre (1) iMessage o (2) MMS. iOS 8 is now available and addresses wifi credential interception, identifier disclosu... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4375 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4375
17 Sep 2014 — Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. Vulnerabilidad de doble liberación en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales ganar privilegios o causar una denegación de servicio (caída de dispositivo)a través de vectores relacionados con puertos Mach. Apple TV 7 is now available and addresses wifi credential interception, information d... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4410 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4410
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, como el utilizado en Apple iOS anteriores a 8 y Apple TV anteriores a 7, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4361 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4361
17 Sep 2014 — The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. El subsistema Home & Lock Screen en Apple iOS anterior a 8 no restringe debidamente la API privada para la prominencia de la app, lo que permite a atacantes determinar el primer plano de la app mediante el aprovechamiento del acceso a una aplicación de segundo plano manipulada. iOS 8 is no... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4366 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4366
17 Sep 2014 — Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Mail en Apple iOS anterior a 8 no previene el envío de un comando LOGIN a un servidor LOGINDISABLED IMAP, lo que permite a atacantes remotos obtener información sensible en texto plano mediante la captura del trafico de la red. iOS 8 is now available and addresses wifi credential interception, identifier disclosur... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4388 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4388
17 Sep 2014 — IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. IOKit en Apple iOS anterior a 8 y Apple TV anterior a 7 no valida debidamente los metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en contexto privilegiado a traves de ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4405 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4405
17 Sep 2014 — IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero nulo) a través de una aplicación que provee propiedades de asignación de ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 6.1EPSS: 1%CPEs: 18EXPL: 1CVE-2014-4378 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4378
17 Sep 2014 — CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. CoreGraphics en Apple iOS anterior a 8 y Apple TV anterior 7 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un documento PDF manipulado. OS X Mavericks 10.9.5 and Security Update 2014-004 are no... • https://github.com/feliam/CVE-2014-4378 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4414 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4414
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y caída de l... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •