Vulnerabilities > Apple > Iphone OS > 3.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-18 | CVE-2014-4374 | XML External Entity Information Disclosure vulnerability in Apple Iphone OS and mac OS X NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2014-09-18 | CVE-2014-4373 | NULL Pointer Dereference Denial of Service vulnerability in Apple Iphone OS, mac OS X and Tvos The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | 7.8 |
| 2014-09-18 | CVE-2014-4372 | Link Following vulnerability in Apple Iphone OS and Tvos syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | 3.6 |
| 2014-09-18 | CVE-2014-4371 | Improper Initialization vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | 1.9 |
| 2014-09-18 | CVE-2014-4369 | NULL Pointer Dereference Denial of Service vulnerability in Apple Iphone OS and Tvos The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments. | 7.8 |
| 2014-09-18 | CVE-2014-4368 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | 6.9 |
| 2014-09-18 | CVE-2014-4367 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | 2.1 |
| 2014-09-18 | CVE-2014-4366 | Credentials Management vulnerability in Apple Iphone OS Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 5.0 |
| 2014-09-18 | CVE-2014-4364 | Cryptographic Issues vulnerability in Apple Iphone OS and Tvos The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | 2.9 |
| 2014-09-18 | CVE-2014-4362 | Information Exposure vulnerability in Apple Iphone OS The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | 5.0 |