CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

01 Jul 2014 — Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. iOS 8 is now available and addresses wifi cred... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 2% • CPEs: 9 • EXPL: 0

01 Jul 2014 — CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html • CWE-399: Resource Management Errors

CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

01 Jul 2014 — Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. iOS 7.1.2 is now available and addresses application termination, code execution,... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.3 • EPSS: 0% • CPEs: 18 • EXPL: 0

01 Jul 2014 — Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 2% • CPEs: 30 • EXPL: 0

01 Jul 2014 — WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 3.6 • EPSS: 0% • CPEs: 9 • EXPL: 0

01 Jul 2014 — Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.8 • EPSS: 1% • CPEs: 9 • EXPL: 0

01 Jul 2014 — Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. iOS 7.1.2 is now available and addresses application termination, code execution, bypass, and various... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html

CVSS: 3.6 • EPSS: 0% • CPEs: 9 • EXPL: 0

01 Jul 2014 — Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. iOS 7.1.2 is now available and addresses application termination, cod... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.8 • EPSS: 2% • CPEs: 30 • EXPL: 0

01 Jul 2014 — WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 0% • CPEs: 18 • EXPL: 0

01 Jul 2014 — Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages. OS X Mavericks 10.9.4 and Security Updat... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer