
CVSS: 9.3 | EPSS: 0% | CPEs: 18 | EXPL: 0

17 Sep 2014 — The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.9 | EPSS: 0% | CPEs: 17 | EXPL: 0

17 Sep 2014 — The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation

CVSS: 7.1 | EPSS: 0% | CPEs: 18 | EXPL: 0

17 Sep 2014 — An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.1 | EPSS: 0% | CPEs: 10 | EXPL: 0

17 Sep 2014 — Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.9 | EPSS: 0% | CPEs: 18 | EXPL: 0

17 Sep 2014 — The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. Apple TV 7 is now available and addresses wifi credenti... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

17 Sep 2014 — Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-255: Credentials Management Errors

CVSS: 5.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-665: Improper Initialization

CVSS: 9.3 | EPSS: 0% | CPEs: 18 | EXPL: 0

17 Sep 2014 — Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-189: Numeric Errors

CVSS: 4.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

17 Sep 2014 — WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. Safari 6.2 and Safari 7.1 are now avail... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 17 | EXPL: 0

17 Sep 2014 — syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')