CVSS: 2.4EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1281 – Apple Security Advisory 2014-03-10-1
https://notcve.org/view.php?id=CVE-2014-1281
11 Mar 2014 — Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. Photos Backend en Apple iOS anterior a 7.1 no maneja debidamente la caché de libraría de activos durante eliminaciones, lo que permite a atacantes físicamente próximos obtener datos sensibles de fotografías mediante el lanzamiento de la aplicación Photos y la búsq... • http://support.apple.com/kb/HT6162 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1282 – Apple Security Advisory 2014-03-10-2
https://notcve.org/view.php?id=CVE-2014-1282
11 Mar 2014 — The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. El componente Profiles en Apple iOS anterior a 7.1 y Apple TV anterior a 6.1 permite a atacantes evadir requisitos de visibilidad de perfil de configuración a través de un nombre largo. Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities. • http://support.apple.com/kb/HT6162 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1285 – Apple Security Advisory 2014-03-10-1
https://notcve.org/view.php?id=CVE-2014-1285
11 Mar 2014 — Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. Springboard en Apple iOS anterior a 7.1 permite a atacantes físicamente próximos evadir restricciones de acceso y leer la pantalla de inicio mediante el aprovechamiento de una caída de aplicación durante la activación de un dispositivo no activado. iOS 7.1 is now available and addresses multipl... • http://support.apple.com/kb/HT6162 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1286 – Apple Security Advisory 2014-03-10-1
https://notcve.org/view.php?id=CVE-2014-1286
11 Mar 2014 — SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. SpringBoard Lock Screen en Apple iOS anterior a 7.1 permite a atacantes remotos causar una denegación de servicio (cuelgue de pantalla de bloqueo) mediante el aprovechamiento de un error de gestión de estado. iOS 7.1 is now available and addresses multiple security vulnerabilities. • http://support.apple.com/kb/HT6162 •
CVSS: 8.8EPSS: 6%CPEs: 10EXPL: 0CVE-2014-1290 – Apple Mobile Safari isindex Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1290
11 Mar 2014 — WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294. WebKit, utilizado en Apple iOS anterior a 7.1 y Apple TV anterior a 6.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caí... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 8CVE-2014-1266 – Apple Security Advisory 2014-02-21-1
https://notcve.org/view.php?id=CVE-2014-1266
22 Feb 2014 — The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. La función SSLVerifySigned... • https://github.com/gabrielg/CVE-2014-1266-poc • CWE-295: Improper Certificate Validation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2014-2019
https://notcve.org/view.php?id=CVE-2014-2019
18 Feb 2014 — The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. El subsistema iCloud en Apple iOS anterior a 7.1 permite a atacantes físicamente próximos evadir un requisito de contraseña, y apagar el serv... • http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 6%CPEs: 7EXPL: 0CVE-2014-1252 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1252
24 Jan 2014 — Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. OS X Mavericks 10.9.2 and Security Upd... • http://osvdb.org/102460 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2013-0340 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2013-0340
21 Jan 2014 — expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issu... • http://openwall.com/lists/oss-security/2013/02/22/3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 3%CPEs: 12EXPL: 0CVE-2013-5228 – (Mobile Pwn2Own) Apple iOS Safari DocumentOrderedMap Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5228
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •