CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1383
https://notcve.org/view.php?id=CVE-2014-1383
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. Apple TV anterior a 6.1.2 permite a usuarios remotos autenticados evadir un requisito de contraseña para transacciones de compra de la tienda de iTunes a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://www.securitytracker.com/id/1030503 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1361
https://notcve.org/view.php?id=CVE-2014-1361
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. Secure Transport en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 no asegura que un mensaje DTLS está aceptado únicamente para una conexión DTLS, lo que permite a atacantes remotos obtener información potencialmente sensible de memoria de procesos no inicializada mediante el proporcionamiento de un mensaje DTLS dentro de una conexión TLS. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030500 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1358
https://notcve.org/view.php?id=CVE-2014-1358
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Desbordamiento de enteros en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030500 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1359
https://notcve.org/view.php?id=CVE-2014-1359
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Subdesbordamiento de enteros en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://packetstormsecurity.com/files/167630/launchd-Heap-Corruption.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030500 • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1355
https://notcve.org/view.php?id=CVE-2014-1355
The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. La implementación IOKit en el kernel en Apple iOS anterior a 7.1.2 y Apple TV anterior a 6.1.2, y en IOReporting en Apple OS X anterior a 10.9.4, permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y reinicio) a través de argumentos API manipulados. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030500 •