Lucene search

K

Tvos Security Vulnerabilities

cve
cve

CVE-2014-1367

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

7.8AI Score

0.008EPSS

2014-07-01 10:17 AM
29
cve
cve

CVE-2014-1368

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

7.8AI Score

0.008EPSS

2014-07-01 10:17 AM
34
cve
cve

CVE-2014-1382

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

7.8AI Score

0.008EPSS

2014-07-01 10:17 AM
27
cve
cve

CVE-2014-1383

Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.

5.9AI Score

0.001EPSS

2014-07-01 10:17 AM
25
cve
cve

CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impac...

4.5AI Score

0.043EPSS

2014-10-08 10:55 AM
74
cve
cve

CVE-2014-4357

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.

5AI Score

0.001EPSS

2014-09-18 10:55 AM
40
cve
cve

CVE-2014-4364

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

5.6CVSS

5.5AI Score

0.004EPSS

2014-09-18 10:55 AM
46
cve
cve

CVE-2014-4369

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

5.8AI Score

0.007EPSS

2014-09-18 10:55 AM
38
cve
cve

CVE-2014-4371

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4...

3.6AI Score

0.002EPSS

2014-09-18 10:55 AM
45
cve
cve

CVE-2014-4372

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.

5.8AI Score

0.0004EPSS

2014-09-18 10:55 AM
33
cve
cve

CVE-2014-4373

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

5.5CVSS

5.1AI Score

0.002EPSS

2014-09-18 10:55 AM
34
cve
cve

CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

7.8CVSS

7.3AI Score

0.0004EPSS

2014-09-18 10:55 AM
39
cve
cve

CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

7.8AI Score

0.01EPSS

2014-09-18 10:55 AM
51
cve
cve

CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

5.8AI Score

0.012EPSS

2014-09-18 10:55 AM
43
cve
cve

CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

6.3AI Score

0.001EPSS

2014-09-18 10:55 AM
36
cve
cve

CVE-2014-4380

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.

8.5AI Score

0.003EPSS

2014-09-18 10:55 AM
48
cve
cve

CVE-2014-4381

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.

7AI Score

0.003EPSS

2014-09-18 10:55 AM
39
cve
cve

CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

5.5AI Score

0.002EPSS

2014-09-18 10:55 AM
38
cve
cve

CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-...

7.8CVSS

7.5AI Score

0.003EPSS

2014-09-18 10:55 AM
48
cve
cve

CVE-2014-4389

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.

5.8AI Score

0.004EPSS

2014-09-18 10:55 AM
65
cve
cve

CVE-2014-4404

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

7.8CVSS

8.4AI Score

0.021EPSS

2014-09-18 10:55 AM
880
In Wild
cve
cve

CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

8AI Score

0.003EPSS

2014-09-18 10:55 AM
43
cve
cve

CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

3.3CVSS

3.7AI Score

0.002EPSS

2014-09-18 10:55 AM
35
cve
cve

CVE-2014-4408

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

7.5AI Score

0.0004EPSS

2014-09-18 10:55 AM
38
cve
cve

CVE-2014-4410

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

7.8AI Score

0.008EPSS

2014-09-18 10:55 AM
38
cve
cve

CVE-2014-4411

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

7.8AI Score

0.008EPSS

2014-09-18 10:55 AM
34
cve
cve

CVE-2014-4412

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

7.8AI Score

0.009EPSS

2014-09-18 10:55 AM
41
cve
cve

CVE-2014-4413

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

7.8AI Score

0.008EPSS

2014-09-18 10:55 AM
45
cve
cve

CVE-2014-4414

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

7.8AI Score

0.008EPSS

2014-09-18 10:55 AM
55
cve
cve

CVE-2014-4415

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

7.8AI Score

0.008EPSS

2014-09-18 10:55 AM
111
cve
cve

CVE-2014-4418

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-...

7.8CVSS

7.5AI Score

0.003EPSS

2014-09-18 10:55 AM
39
cve
cve

CVE-2014-4419

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

3.6AI Score

0.002EPSS

2014-09-18 10:55 AM
38
cve
cve

CVE-2014-4420

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

3.6AI Score

0.002EPSS

2014-09-18 10:55 AM
39
cve
cve

CVE-2014-4421

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

3.6AI Score

0.002EPSS

2014-09-18 10:55 AM
42
cve
cve

CVE-2014-4422

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers...

8.1CVSS

7.2AI Score

0.007EPSS

2014-09-18 10:55 AM
44
cve
cve

CVE-2014-4452

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

7.7AI Score

0.022EPSS

2014-11-18 11:59 AM
40
cve
cve

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

5.3AI Score

0.0004EPSS

2014-11-18 11:59 AM
30
cve
cve

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

7.1AI Score

0.026EPSS

2014-11-18 11:59 AM
44
cve
cve

CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

4.2AI Score

0.003EPSS

2014-11-18 11:59 AM
32
cve
cve

CVE-2014-4462

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

7.8AI Score

0.022EPSS

2014-11-18 11:59 AM
34
cve
cve

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

6.1AI Score

0.004EPSS

2014-12-10 09:59 PM
41
cve
cve

CVE-2014-4466

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.014EPSS

2014-12-10 09:59 PM
48
cve
cve

CVE-2014-4468

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
40
cve
cve

CVE-2014-4469

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
38
cve
cve

CVE-2014-4470

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
39
cve
cve

CVE-2014-4471

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
43
cve
cve

CVE-2014-4472

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
35
cve
cve

CVE-2014-4473

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
38
cve
cve

CVE-2014-4474

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
40
cve
cve

CVE-2014-4475

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

7.8AI Score

0.008EPSS

2014-12-10 09:59 PM
42
Total number of security vulnerabilities1658