National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:iphone_os:5.0.1:-:ipodtouch
There are 1,766 matching records.
Displaying matches 1481 through 1500.
Vuln ID Summary CVSS Severity
CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 1.9 LOW
CVE-2014-4384

Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 1.9 LOW
CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4381

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4380

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 7.1 HIGH
CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 5.8 MEDIUM
CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

Published: September 18, 2014; 06:55:09 AM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2014-4374

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4373

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 7.8 HIGH
CVE-2014-4372

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 3.6 LOW
CVE-2014-4371

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 1.9 LOW
CVE-2014-4369

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 7.8 HIGH
CVE-2014-4368

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 6.9 MEDIUM
CVE-2014-4367

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 2.1 LOW
CVE-2014-4366

Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

Published: September 18, 2014; 06:55:08 AM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4364

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

Published: September 18, 2014; 06:55:08 AM -04:00
V3.0: 5.6 MEDIUM
    V2: 2.9 LOW
CVE-2014-4362

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.

Published: September 18, 2014; 06:55:08 AM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4361

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.

Published: September 18, 2014; 06:55:08 AM -04:00
    V2: 5.0 MEDIUM