Total
3262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2017-08-28 | 7.2 HIGH | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | |||||
| CVE-2014-4448 | 1 Apple | 1 Iphone Os | 2017-08-28 | 1.9 LOW | N/A |
| House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | |||||
| CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2017-08-28 | 6.8 MEDIUM | N/A |
| iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-28 | 5.0 MEDIUM | N/A |
| Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4457 | 1 Apple | 1 Iphone Os | 2017-08-28 | 7.5 HIGH | N/A |
| The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | |||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-28 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | |||||
| CVE-2014-4367 | 1 Apple | 1 Iphone Os | 2017-08-28 | 2.1 LOW | N/A |
| Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||||
| CVE-2014-4353 | 1 Apple | 1 Iphone Os | 2017-08-28 | 4.3 MEDIUM | N/A |
| Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | |||||
| CVE-2014-4386 | 1 Apple | 1 Iphone Os | 2017-08-28 | 1.9 LOW | N/A |
| Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | |||||
| CVE-2014-1252 | 1 Apple | 3 Iphone Os, Mac Os X, Pages | 2017-08-28 | 7.5 HIGH | N/A |
| Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | |||||
| CVE-2014-4384 | 1 Apple | 1 Iphone Os | 2017-08-28 | 1.9 LOW | N/A |
| Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | |||||
| CVE-2014-4374 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-28 | 5.0 MEDIUM | N/A |
| NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4352 | 1 Apple | 1 Iphone Os | 2017-08-28 | 2.1 LOW | N/A |
| Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | |||||
| CVE-2014-4354 | 1 Apple | 1 Iphone Os | 2017-08-28 | 5.8 MEDIUM | N/A |
| Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | |||||
| CVE-2014-4356 | 1 Apple | 1 Iphone Os | 2017-08-28 | 2.1 LOW | N/A |
| Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | |||||
| CVE-2014-4361 | 1 Apple | 1 Iphone Os | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | |||||
| CVE-2014-4362 | 1 Apple | 1 Iphone Os | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | |||||
| CVE-2014-4368 | 1 Apple | 1 Iphone Os | 2017-08-28 | 6.9 MEDIUM | N/A |
| The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | |||||
| CVE-2014-4366 | 1 Apple | 1 Iphone Os | 2017-08-28 | 5.0 MEDIUM | N/A |
| Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2012-3743 | 1 Apple | 1 Iphone Os | 2017-08-28 | 5.0 MEDIUM | N/A |
| The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. | |||||