Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:iphone_os:8.0.1
There are 1,998 matching records.
Displaying matches 1,981 through 1,998.
Vuln ID Summary CVSS Severity
CVE-2014-4468

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

Published: December 10, 2014; 4:59:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4466

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

Published: December 10, 2014; 4:59:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

Published: December 10, 2014; 4:59:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4463

Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

Published: November 18, 2014; 6:59:10 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-4462

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

Published: November 18, 2014; 6:59:09 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

Published: November 18, 2014; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

Published: November 18, 2014; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

Published: November 18, 2014; 6:59:06 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4457

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

Published: November 18, 2014; 6:59:04 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

Published: November 18, 2014; 6:59:03 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

Published: November 18, 2014; 6:59:02 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4452

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

Published: November 18, 2014; 6:59:01 AM -0500
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2014-4451

Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.

Published: November 18, 2014; 6:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-4450

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

Published: October 22, 2014; 6:55:02 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-4449

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: October 22, 2014; 6:55:02 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4448

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Published: October 22, 2014; 6:55:02 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: October 08, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM