CVE-2014-4411
https://notcve.org/view.php?id=CVE-2014-4411
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-09-17-1 y APPLE-SA-2014-09-17-2. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69881 http://www.securityfocus.com/bid/69970 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4381
https://notcve.org/view.php?id=CVE-2014-4381
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. Libnotify en Apple iOS anterior a 8 y Apple TV anterior a 7 carece de comprobadores de límites adecuados en las operaciones de escritura, lo que permite a atacantes ejecutar código como root a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69931 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96083 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4374
https://notcve.org/view.php?id=CVE-2014-4374
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NSXMLParser en Foundation en Apple iOS anterior a 8 permite a los atacantes leer ficheros arbitrarios a través de datos XML que contienen una declaración de entidad externa en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE). • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69905 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96077 •
CVE-2014-4373
https://notcve.org/view.php?id=CVE-2014-4373
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. El controlador IntelAccelerator en el subsistema IOAcceleratorFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69934 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96108 https://support.apple.com/kb/HT6535 •
CVE-2014-4371
https://notcve.org/view.php?id=CVE-2014-4371
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. La interfaz network-statistics en el kernel en Apple iOS anterior a 8 y Apple TV anterior 7 no inicializa correctamente la memoria, lo que permite a atacantes obtener información sensible de contenido de memoria y diseño de memoria a través de aplicaciones manipuladas, una vulnerabilidad diferente a CVE-2014-4419, CVE-2014-4420 y CVE-2014-4421. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69919 http://www.securitytracker.com • CWE-665: Improper Initialization •