Lucene search

K

10 matches found

CVE
CVE
added 2014/11/18 11:59 a.m.63 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8CVSS7.1AI score0.02966EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.54 views

CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

2.1CVSS2.8AI score0.00072EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.52 views

CVE-2014-4452

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

5.4CVSS7.7AI score0.01266EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.52 views

CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.00782EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.50 views

CVE-2014-4462

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

5.8CVSS7.8AI score0.01266EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.45 views

CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

9.3CVSS4.2AI score0.0186EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.43 views

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

2.1CVSS5.3AI score0.00063EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.42 views

CVE-2014-4451

Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.

7.2CVSS5.7AI score0.00072EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.40 views

CVE-2014-4457

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

7.5CVSS5.5AI score0.01115EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.36 views

CVE-2014-4463

Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2.1CVSS5.9AI score0.00082EPSS