National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:iphone_os:7.0.1
There are 1,804 matching records.
Displaying matches 1701 through 1720.
Vuln ID Summary CVSS Severity
CVE-2014-4411

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.

Published: September 18, 2014; 06:55:10 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4410

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.

Published: September 18, 2014; 06:55:10 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4409

WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.

Published: September 18, 2014; 06:55:10 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4408

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 6.9 MEDIUM
CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

Published: September 18, 2014; 06:55:09 AM -04:00
V3.0: 3.3 LOW
    V2: 4.3 MEDIUM
CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4404

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4389

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.

Published: September 18, 2014; 06:55:09 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 1.9 LOW
CVE-2014-4384

Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 1.9 LOW
CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4381

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4380

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 9.3 HIGH
CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 7.1 HIGH
CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 5.8 MEDIUM
CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

Published: September 18, 2014; 06:55:09 AM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2014-4374

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: September 18, 2014; 06:55:09 AM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4373

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

Published: September 18, 2014; 06:55:09 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 7.8 HIGH