|
3091
|
-
5.0
|
MEDIUM
|
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to ob…
|
CWE-200
Information Exposure
|
CVE-2014-4453
|
cpe:2.3:o:apple:iphone_os:8.0:* cpe:2.3:o:apple:iphone_os:8.0.2:* cpe:2.3:o:apple:iphone_os:8.0.1:* cpe:2.3:o:…
|
|
8.1
|
|
|
2024-11-21 11:10
2014-11-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3092
|
-
5.4
|
MEDIUM
|
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra…
|
CWE-399
Resource Management Errors
|
CVE-2014-4452
|
cpe:2.3:o:apple:iphone_os:*:*
|
8.0
|
|
|
8.1.1
|
2024-11-21 11:10
2014-11-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3093
|
-
7.2
|
HIGH
|
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of gue…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4451
|
cpe:2.3:o:apple:iphone_os:8.0:* cpe:2.3:o:apple:iphone_os:8.0.2:* cpe:2.3:o:apple:iphone_os:8.0.1:* cpe:2.3:o:…
|
|
8.1
|
|
|
2024-11-21 11:10
2014-11-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3094
|
-
1.9
|
LOW
|
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discove…
|
CWE-255
Credentials Management
|
CVE-2014-4450
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.0.2
|
|
|
2024-11-21 11:10
2014-10-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3095
|
-
6.8
|
MEDIUM
|
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4449
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.0.2
|
|
|
2024-11-21 11:10
2014-10-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3096
|
-
1.9
|
LOW
|
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents direc…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4448
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.0.2
|
|
|
2024-11-21 11:10
2014-10-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3097
|
-
7.5
|
HIGH
|
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.212…
|
CWE-416
Use After Free
|
CVE-2014-3192
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.1.2
|
|
|
2024-11-21 11:07
2014-10-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3098
|
-
6.8
|
MEDIUM
|
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain …
|
CWE-79
Cross-site Scripting
|
CVE-2014-3187
|
cpe:2.3:o:apple:iphone_os:-:*
|
|
|
|
|
2024-11-21 11:07
2014-10-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3099
|
7.8
9.3
|
HIGH
Local
|
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-m…
|
CWE-787
Out-of-bounds Write
|
CVE-2014-4404
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
|
|
8.0
|
2026-04-22 01:22
2014-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3100
|
-
4.3
|
MEDIUM
|
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4423
|
cpe:2.3:o:apple:iphone_os:7.1:* cpe:2.3:o:apple:iphone_os:7.1.1:* cpe:2.3:o:apple:iphone_os:7.0:* cpe:2.3:o:ap…
|
|
7.1.2
|
|
|
2024-11-21 11:10
2014-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|