Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-30 | CVE-2014-4480 | Link Following vulnerability in Apple Iphone OS and Tvos Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | 10.0 |
2015-01-30 | CVE-2014-4479 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. | 6.8 |
2015-01-30 | CVE-2014-4477 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. | 6.8 |
2015-01-30 | CVE-2014-4476 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479. | 6.8 |
2015-01-30 | CVE-2014-4467 | Code vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. | 4.3 |
2015-01-23 | CVE-2015-0310 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | 10.0 |
2015-01-15 | CVE-2014-8151 | The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | 5.8 |
2015-01-14 | CVE-2014-5233 | Information Exposure vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0 The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. | 1.9 |
2015-01-14 | CVE-2014-5232 | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0 The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. | 1.9 |
2015-01-14 | CVE-2014-5231 | Information Exposure vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0 The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. | 2.1 |