CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4379 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4379
17 Sep 2014 — An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. Una función no especificada de IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 carece de límites adecuados para prevenir la lectura de punteros del Kernel, lo que permite a atacantes saltarse el mecanismo de protección ASLR a través de una aplicación manipulad... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4354 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-4354
17 Sep 2014 — Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. Apple iOS anterior a 8 habilita Bluetooth durante todas las acciones de actualización, lo que facilita a atacantes remotos evadir las restricciones de acceso a través de una sesión Bluetooth. iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4408 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4408
17 Sep 2014 — The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. La función rt_setgate en el kernel en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales ganar privilegios o causar una denegación de servicio (lectura fuera de rango y caída de dispositivo) a través de una llamada manipulada. Apple TV 7 is now available and addresses wifi credenti... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4363 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4363
17 Sep 2014 — Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. Safari en Apple iOS anterior a 8 no restringe debidamente el autocompletado de la contraseñas en formularios, lo que permite a atacantes remotos obtener información sensible a través de (1) un sitio web http, (2) un sitio web https con cerit... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4371 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4371
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. La interfaz network-statistics en el kernel en Apple iOS anterior a 8 y Apple TV anterior 7 no inicializa correctamente la memoria, lo que permite a atacantes obtener información sensible d... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-665: Improper Initialization •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4389 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4389
17 Sep 2014 — Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Desbordamiento de enteros en IOKit en Apple iOS anterior a 8 y Apple TV anterior 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee argumentos API manipulados. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4409 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4409
17 Sep 2014 — WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. WebKit en Apple iOS anterior a 8 facilita a atacantes remotos realizar seguimientos de usuarios durante la navegación privada a través de un sitio web manipulado que lea datos de caché de aplicaciones HTML5 que han sido guardados durante la navegación normal. Safari 6.2 and Safari 7.1 are now avail... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4372 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4372
17 Sep 2014 — syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. syslogd en el subsistema syslog en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales cambiar los permisos de ficheros arbitrarios mediante un ataque de enlace simbólico sobre un fichero sin especificar. Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4413 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4413
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de apli... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.6EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4364 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4364
17 Sep 2014 — The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. El subsistema 802.1X en Apple iOS anterior a 8 y Apple TV anterior a 7 no requiere métodos de autenticación fuertes, lo que permite a atacantes remotos calcular las credenciales mediante el ofrecimiento de la autentic... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •