| ID | CVSS | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|
| 282821 | - | apple | safari mac_os_x iphone_os itunes tvos | Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | NVD-CWE-Other | CVE-2014-4459 | 2024-11-21 11:10 | 2014-11-18 |
| 282822 | - | apple | mac_os_x | The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive informatio… | CWE-200 Information Exposure | CVE-2014-4458 | 2024-11-21 11:10 | 2014-11-18 |
| 282823 | - | apple | iphone_os | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted app… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4457 | 2024-11-21 11:10 | 2014-11-18 |
| 282824 | - | apple | iphone_os tvos | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restriction… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4455 | 2024-11-21 11:10 | 2014-11-18 |
| 282825 | - | apple | iphone_os mac_os_x | Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to ob… | CWE-200 Information Exposure | CVE-2014-4453 | 2024-11-21 11:10 | 2014-11-18 |
| 282826 | - | apple | tvos iphone_os safari itunes | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | CWE-399 Resource Management Errors | CVE-2014-4452 | 2024-11-21 11:10 | 2014-11-18 |
| 282827 | - | apple | iphone_os | Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of gue… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4451 | 2024-11-21 11:10 | 2014-11-18 |
| 282828 | 8.8 HIGH Network | rsa | web_threat_detection | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2014-4627 | 2024-11-21 11:10 | 2014-11-7 |
| 282829 | - | wordfence_security_project | wordfence_security | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the W… | CWE-79 Cross-site Scripting | CVE-2014-4664 | 2024-11-21 11:10 | 2014-11-7 |
| 282830 | - | ibm | websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and … | NVD-CWE-Other | CVE-2014-4834 | 2024-11-21 11:10 | 2014-11-5 |