CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4362 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4362
17 Sep 2014 — The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. La implementación Sandbox Profiles en Apple iOS anterior a 8 no restringe debidamente el perfil sandbox de las aplicaciones de terceros, lo que permite a atacantes obtener información sensible de Apple ID a través de una aplicación manipulada. iOS 8 is now available and addresses wifi credential intercepti... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4421 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4421
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a la versión 8 y en Apple TV anterior a 7, no inicializa correctamente memoria, lo que permitiría a atacantes obtener ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4369 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4369
17 Sep 2014 — The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments. La implementación IOAcceleratorFamily API en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación que usa argumentos manipulados. Apple TV 7 is now available ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4367 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4367
17 Sep 2014 — Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. Apple iOS anterior a 8 habilita Voice Dial durante todas las acciones de actualización, lo que hace más fácil a atacantes físicamente próximos lanzar llamadas no intencionadas mediante el dictado de un número de teléfono. iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, an... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4407 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4407
17 Sep 2014 — IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. IOKit en Apple iOS anterior a 8 y Apple TV anterior a 7 no inicializa debidamente la memoria de kernel, lo que permite a atacantes obtener información sensible de contenido de memoria a través de una aplicación que realiza llamadas manipuladas a funciones IOKit. Apple TV 7 is now availab... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4412 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4412
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y caída de l... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4423 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4423
17 Sep 2014 — The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. El subsistema cuentas en Apple iOS anteriores a 8 permite a atacantes eludir el mecanismo de protección de sandbox y obtener el Apple ID y los metadatos de una cuenta activa de iCloud a través de una aplicación manipulada. iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path trav... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4368 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4368
17 Sep 2014 — The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. El subsistema de accesibilidad en Apple iOS anterior a 8 permite a atacantes interferir en el bloqueo de pantalla a través de vectores relacionados con eventos AssistiveTouch. iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4380 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4380
17 Sep 2014 — The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. La extensión de kernel IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 carece de comprobaciones adecuados de los límites en las operaciones de escritura, lo que permite a atacantes ejecutar código arbitrario en el contexto del kernel a través de una aplicación manipulada... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4383 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4383
17 Sep 2014 — The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. El subsistema de activos en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes man-in-the-middle suplantar el estado de actualización de un dispositivo mediante una cabecera Last-Modified de una respuesta HTTP. Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •