Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-09-18 | CVE-2014-4409 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | 4.3 |
2014-09-18 | CVE-2014-4408 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | 6.9 |
2014-09-18 | CVE-2014-4407 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | 4.3 |
2014-09-18 | CVE-2014-4383 | Improper Input Validation vulnerability in Apple Iphone OS and Tvos The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | 4.3 |
2014-09-18 | CVE-2014-4378 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | 5.8 |
2014-09-18 | CVE-2014-4377 | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2014-09-18 | CVE-2014-4374 | XML External Entity Information Disclosure vulnerability in Apple Iphone OS and mac OS X NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2014-09-18 | CVE-2014-4368 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | 6.9 |
2014-09-18 | CVE-2014-4366 | Credentials Management vulnerability in Apple Iphone OS Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 5.0 |
2014-09-18 | CVE-2014-4363 | Credentials Management vulnerability in Apple Iphone OS and Safari Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | 5.0 |