
CVE-2014-4374 – Apple Foundation NSXMLParser XML eXternal Entity (XXE)
https://notcve.org/view.php?id=CVE-2014-4374
17 Sep 2014 — NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. In May... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •

CVE-2014-4422 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4422
17 Sep 2014 — The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •

CVE-2014-4352 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4352
17 Sep 2014 — Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and va... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •

CVE-2014-4353 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4353
17 Sep 2014 — Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. iOS 8 is now available and addresses wifi credential interception, identifier disclosu... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2014-4375 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4375
17 Sep 2014 — Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. Apple TV 7 is now available and addresses wifi credential interception, information d... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •

CVE-2014-4410 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4410
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-4361 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4361
17 Sep 2014 — The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. iOS 8 is no... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2014-4366 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4366
17 Sep 2014 — Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. iOS 8 is now available and addresses wifi credential interception, identifier disclosur... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-255: Credentials Management Errors •

CVE-2014-4388 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4388
17 Sep 2014 — IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •

CVE-2014-4405 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4405
17 Sep 2014 — IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •