CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4413 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4413
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de apli... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.6EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4364 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4364
17 Sep 2014 — The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. El subsistema 802.1X en Apple iOS anterior a 8 y Apple TV anterior a 7 no requiere métodos de autenticación fuertes, lo que permite a atacantes remotos calcular las credenciales mediante el ofrecimiento de la autentic... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4418 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4418
17 Sep 2014 — IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. IOKit en Apple iOS anterior a 8 y Apple TV anterior a 7 no valida debidamente los metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a traves ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4419 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4419
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a 8 y Apple TV anterior a 7, no inicializa correctamente memoria, lo que permitiría a atacantes obtener contenido sens... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4420 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4420
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a la versión 8 y en Apple TV anterior a 7 no inicializa correctamente memoria, lo que permitiría a atacantes obtener c... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 9.3EPSS: 9%CPEs: 4EXPL: 2CVE-2014-4404 – Apple OS X Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2014-4404
17 Sep 2014 — Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. Desbordamiento de buffer basado en memoria dinámica en IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee propiedades manipuladas de asignación de teclas. A heap overflow in IOHIKey... • https://packetstorm.news/files/id/129344 • CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1348 – Apple Security Advisory 2014-09-17-1
https://notcve.org/view.php?id=CVE-2014-1348
01 Jul 2014 — Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition. Mail en Apple iOS anterior a 7.1.2 advierte de la disponibilidad de protección de datos para adjuntos pero almacena adjuntos en texto claro bajo mobile/Library/Mail/, lo que facilita a atacantes físicamente próximos obtener información ... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1355 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1355
01 Jul 2014 — The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. La implementación IOKit en el kernel en Apple iOS anterior a 7.1.2 y Apple TV anterior a 6.1.2, y en IOReporting en Apple OS X anterior a 10.9.4, permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y reinicio) a través de a... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 8.8EPSS: 2%CPEs: 30EXPL: 0CVE-2014-1365 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1365
01 Jul 2014 — WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. WebKit, utilizado en Apple iOS anterior a 7.1.2, Apple Safari anterior a 6.1.5 y 7.x anterior a 7.0.5, y Apple TV ant... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1358 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1358
01 Jul 2014 — Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Desbordamiento de enteros en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, s... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-189: Numeric Errors •