Vulnerabilities > Apple > Iphone OS > 4.2.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-23 | CVE-2014-1320 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object. | 4.9 |
2014-04-23 | CVE-2014-1296 | Permissions, Privileges, and Access Controls vulnerability in Apple products CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | 4.3 |
2014-04-23 | CVE-2014-1295 | Improper Authentication vulnerability in Apple Iphone OS, mac OS X and Tvos Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | 6.8 |
2014-03-14 | CVE-2014-1294 | Buffer Errors vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293. | 6.8 |
2014-03-14 | CVE-2014-1293 | Buffer Errors vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1294. | 6.8 |
2014-03-14 | CVE-2014-1292 | Buffer Errors vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294. | 6.8 |
2014-03-14 | CVE-2014-1291 | Buffer Errors vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294. | 6.8 |
2014-03-14 | CVE-2014-1290 | Buffer Errors vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294. | 6.8 |
2014-03-14 | CVE-2014-1289 | Buffer Errors vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294. | 6.8 |
2014-03-14 | CVE-2014-1287 | Buffer Errors vulnerability in Apple Iphone OS and Tvos USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. | 7.2 |