Vulnerabilities > Apple > Iphone OS > 4.2.10

DATE CVE VULNERABILITY TITLE RISK
2014-07-01 CVE-2014-1365 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
2014-07-01 CVE-2014-1364 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
2014-07-01 CVE-2014-1363 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
2014-07-01 CVE-2014-1362 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
2014-07-01 CVE-2014-1361 Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.
network
low complexity
apple CWE-200
5.0
2014-07-01 CVE-2014-1360 Improper Input Validation vulnerability in Apple Iphone OS
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
local
low complexity
apple CWE-20
2.1
2014-07-01 CVE-2014-1359 Numeric Errors vulnerability in Apple Iphone OS and Tvos
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
network
low complexity
apple CWE-189
critical
10.0
2014-07-01 CVE-2014-1358 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
network
low complexity
apple CWE-189
critical
10.0
2014-07-01 CVE-2014-1357 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
network
low complexity
apple CWE-119
critical
10.0
2014-07-01 CVE-2014-1356 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
network
low complexity
apple CWE-119
critical
10.0