Total
3661 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | |||||
CVE-2014-1357 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 10.0 HIGH | N/A |
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages. | |||||
CVE-2014-1275 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||||
CVE-2014-4448 | 1 Apple | 1 Iphone Os | 2024-02-28 | 1.9 LOW | N/A |
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | |||||
CVE-2014-1325 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | |||||
CVE-2015-1104 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 5.0 MEDIUM | N/A |
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. | |||||
CVE-2015-1086 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 6.9 MEDIUM | N/A |
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2014-4422 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | |||||
CVE-2014-4450 | 1 Apple | 1 Iphone Os | 2024-02-28 | 1.9 LOW | N/A |
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | |||||
CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 5.8 MEDIUM | N/A |
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||||
CVE-2014-1266 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. | |||||
CVE-2014-4372 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 3.6 LOW | N/A |
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | |||||
CVE-2015-1093 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-28 | 6.8 MEDIUM | N/A |
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | |||||
CVE-2015-1063 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.8 HIGH | N/A |
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. | |||||
CVE-2015-1069 | 1 Apple | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | |||||
CVE-2014-1252 | 1 Apple | 3 Iphone Os, Mac Os X, Pages | 2024-02-28 | 7.5 HIGH | N/A |
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | |||||
CVE-2014-1320 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 4.9 MEDIUM | N/A |
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object. | |||||
CVE-2015-1096 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 1.9 LOW | N/A |
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | |||||
CVE-2015-1103 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 7.5 HIGH | N/A |
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. | |||||
CVE-2014-4495 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 10.0 HIGH | N/A |
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. |