|
278331
|
- |
|
apple
|
iphone_os
|
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
CWE-255
Credentials Management
|
CVE-2014-4366
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278332
|
5.6 |
MEDIUM
Adjacent
|
apple
|
iphone_os
tvos
|
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4364
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278333
|
- |
|
apple
|
iphone_os
safari
|
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web…
|
CWE-255
Credentials Management
|
CVE-2014-4363
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278334
|
- |
|
apple
|
iphone_os
|
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted…
|
CWE-200
Information Exposure
|
CVE-2014-4362
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278335
|
- |
|
apple
|
iphone_os
|
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a c…
|
CWE-200
Information Exposure
|
CVE-2014-4361
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278336
|
- |
|
apple
|
tvos
iphone_os
|
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
|
CWE-200
Information Exposure
|
CVE-2014-4357
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278337
|
- |
|
apple
|
iphone_os
|
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by readi…
|
CWE-200
Information Exposure
|
CVE-2014-4356
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278338
|
- |
|
apple
|
iphone_os
|
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4354
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278339
|
- |
|
apple
|
iphone_os
|
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
|
CWE-362
Race Condition
|
CVE-2014-4353
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278340
|
- |
|
apple
|
iphone_os
|
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
|
CWE-310
Cryptographic Issues
|
CVE-2014-4352
|
2024-11-21 11:10 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
