|
3051
|
-
5.0
|
MEDIUM
|
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a craft…
|
CWE-19
Data Processing Errors
|
CVE-2015-1062
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.3
|
|
|
2024-11-21 11:24
2015-03-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3052
|
-
9.3
|
HIGH
|
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confus…
|
CWE-94
Code Injection
|
CVE-2015-1061
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.3
|
|
|
2024-11-21 11:24
2015-03-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3053
|
-
4.3
|
MEDIUM
|
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct c…
|
CWE-310
Cryptographic Issues
|
CVE-2015-1067
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.3
|
|
|
2024-11-21 11:24
2015-03-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3054
|
-
6.8
|
MEDIUM
|
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
|
CWE-310
Cryptographic Issues
|
CVE-2014-8840
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:19
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3055
|
-
5.0
|
MEDIUM
|
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4496
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:10
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3056
|
-
10.0
|
HIGH
|
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4495
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:10
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3057
|
-
6.8
|
MEDIUM
|
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-la…
|
CWE-20
Improper Input Validation
|
CVE-2014-4494
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:10
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3058
|
-
7.5
|
HIGH
|
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution cer…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4493
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:10
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3059
|
-
7.5
|
HIGH
|
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary…
|
CWE-19
Data Processing Errors
|
CVE-2014-4492
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:10
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3060
|
-
5.0
|
MEDIUM
|
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a respo…
|
CWE-200
Information Exposure
|
CVE-2014-4491
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:10
2015-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|