Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Iphone_os
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/file/file • https://github.com/WebKit/webkit • https://github.com/vadz/libtiff |
| #Vulnerabilities | 3370 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-09-18 | CVE-2014-4408 | The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | Iphone_os, Mac_os_x, Tvos | N/A | ||
| 2014-09-18 | CVE-2014-4407 | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | Iphone_os, Mac_os_x, Tvos | 3.3 | ||
| 2014-09-18 | CVE-2014-4405 | IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | Iphone_os, Mac_os_x, Tvos | N/A | ||
| 2014-09-18 | CVE-2014-4389 | Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. | Iphone_os, Mac_os_x, Tvos | N/A | ||
| 2014-09-18 | CVE-2014-4388 | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | Iphone_os, Mac_os_x, Tvos | 7.8 | ||
| 2014-09-18 | CVE-2014-4386 | Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | Iphone_os | N/A | ||
| 2014-09-18 | CVE-2014-4384 | Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | Iphone_os | N/A | ||
| 2014-09-18 | CVE-2014-4383 | The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | Iphone_os, Tvos | N/A | ||
| 2014-09-18 | CVE-2014-4381 | Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. | Iphone_os, Mac_os_x, Tvos | N/A | ||
| 2014-09-18 | CVE-2014-4380 | The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. | Iphone_os, Mac_os_x, Tvos | N/A |