Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-4483 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4481 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
network
apple CWE-189
6.8
2015-01-30 CVE-2014-4480 Link Following vulnerability in Apple Iphone OS and Tvos
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
network
low complexity
apple CWE-59
critical
10.0
2015-01-30 CVE-2014-4479 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4477 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4476 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4467 Code vulnerability in Apple Iphone OS
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
network
apple CWE-17
4.3
2014-12-10 CVE-2014-4475 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8
2014-12-10 CVE-2014-4474 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8
2014-12-10 CVE-2014-4473 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8