Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:iphone_os:8.0.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4460 |
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. Published: November 18, 2014; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-4459 |
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Published: November 18, 2014; 6:59:06 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4457 |
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. Published: November 18, 2014; 6:59:04 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-4455 |
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. Published: November 18, 2014; 6:59:03 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-4453 |
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. Published: November 18, 2014; 6:59:02 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4452 |
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. Published: November 18, 2014; 6:59:01 AM -0500 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2014-4451 |
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. Published: November 18, 2014; 6:59:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-4450 |
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. Published: October 22, 2014; 6:55:02 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2014-4449 |
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: October 22, 2014; 6:55:02 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4448 |
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. Published: October 22, 2014; 6:55:02 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2014-3192 |
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: October 08, 2014; 6:55:06 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-0340 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Published: January 21, 2014; 1:55:09 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-3951 |
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. Published: June 05, 2013; 10:39:55 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |