Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-040
Vulnerability from certfr_avis - Published: 2015-01-28 - Updated: 2015-01-28
De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à OS X Yosemite v10.10.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Yosemite v10.10.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4486",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4486"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2014-4488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4488"
},
{
"name": "CVE-2014-8834",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8834"
},
{
"name": "CVE-2014-4485",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4485"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2014-4481",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4481"
},
{
"name": "CVE-2014-4497",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4497"
},
{
"name": "CVE-2014-4499",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4499"
},
{
"name": "CVE-2014-8831",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8831"
},
{
"name": "CVE-2014-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4492"
},
{
"name": "CVE-2014-4495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4495"
},
{
"name": "CVE-2014-1595",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1595"
},
{
"name": "CVE-2014-8838",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8838"
},
{
"name": "CVE-2014-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
},
{
"name": "CVE-2014-8828",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8828"
},
{
"name": "CVE-2014-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8817"
},
{
"name": "CVE-2014-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4421"
},
{
"name": "CVE-2014-8839",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8839"
},
{
"name": "CVE-2014-8833",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8833"
},
{
"name": "CVE-2014-4426",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4426"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2014-8820",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8820"
},
{
"name": "CVE-2014-8826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8826"
},
{
"name": "CVE-2014-4498",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4498"
},
{
"name": "CVE-2014-4419",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4419"
},
{
"name": "CVE-2014-4420",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4420"
},
{
"name": "CVE-2014-4483",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4483"
},
{
"name": "CVE-2014-8827",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8827"
},
{
"name": "CVE-2014-8830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8830"
},
{
"name": "CVE-2014-3568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
},
{
"name": "CVE-2014-8825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8825"
},
{
"name": "CVE-2014-8819",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8819"
},
{
"name": "CVE-2014-8822",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8822"
},
{
"name": "CVE-2014-4489",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4489"
},
{
"name": "CVE-2014-8517",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8517"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2014-4460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4460"
},
{
"name": "CVE-2014-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8816"
},
{
"name": "CVE-2014-8823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8823"
},
{
"name": "CVE-2014-4389",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4389"
},
{
"name": "CVE-2014-4487",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4487"
},
{
"name": "CVE-2014-8832",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8832"
},
{
"name": "CVE-2014-4491",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4491"
},
{
"name": "CVE-2014-8821",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8821"
},
{
"name": "CVE-2014-8829",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8829"
},
{
"name": "CVE-2014-8824",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8824"
},
{
"name": "CVE-2014-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4371"
},
{
"name": "CVE-2014-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4484"
},
{
"name": "CVE-2014-8837",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8837"
},
{
"name": "CVE-2014-8835",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8835"
},
{
"name": "CVE-2014-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4461"
},
{
"name": "CVE-2014-8836",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8836"
},
{
"name": "CVE-2011-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
}
],
"initial_release_date": "2015-01-28T00:00:00",
"last_revision_date": "2015-01-28T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-040",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 27 janvier 2015",
"url": "http://support.apple.com/en-us/HT204244"
}
]
}
CVE-2014-4426 (GCVE-0-2014-4426)
Vulnerability from cvelistv5 – Published: 2014-10-18 01:00 – Updated: 2024-08-06 11:12
VLAI
EPSS
VEX
Summary
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1031063 | vdb-entryx_refsource_SECTRACK |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT6535 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70623 | vdb-entryx_refsource_BID |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2014-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "macosx-cve20144426-info-disc(97643)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97643"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "70623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70623"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "macosx-cve20144426-info-disc(97643)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97643"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "70623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70623"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macosx-cve20144426-info-disc(97643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97643"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031063"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "70623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70623"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4426",
"datePublished": "2014-10-18T01:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:12:35.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4460 (GCVE-0-2014-4460)
Vulnerability from cvelistv5 – Published: 2014-11-18 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/71135 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1031230 | vdb-entryx_refsource_SECTRACK |
| https://support.apple.com/en-us/HT6590 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/en-us/HT204419 | x_refsource_CONFIRM |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://support.apple.com/en-us/HT204418 | x_refsource_CONFIRM |
| https://support.apple.com/en-us/HT6591 | x_refsource_CONFIRM |
Date Public
2014-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2014-11-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "71135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71135"
},
{
"name": "1031230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "APPLE-SA-2014-11-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT204419"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "macosx-cve20144460-info-disc(98783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT204418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT6591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2014-11-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "71135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71135"
},
{
"name": "1031230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "APPLE-SA-2014-11-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT204419"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "macosx-cve20144460-info-disc(98783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT204418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT6591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-11-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "71135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71135"
},
{
"name": "1031230",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031230"
},
{
"name": "https://support.apple.com/en-us/HT6590",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "APPLE-SA-2014-11-17-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html"
},
{
"name": "https://support.apple.com/en-us/HT204419",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204419"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "macosx-cve20144460-info-disc(98783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98783"
},
{
"name": "https://support.apple.com/en-us/HT204418",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204418"
},
{
"name": "https://support.apple.com/en-us/HT6591",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4460",
"datePublished": "2014-11-18T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4461 (GCVE-0-2014-4461)
Vulnerability from cvelistv5 – Published: 2014-11-18 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://support.apple.com/en-us/HT6590 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/71136 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1031231 | vdb-entryx_refsource_SECTRACK |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| https://support.apple.com/en-us/HT204420 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/en-us/HT204418 | x_refsource_CONFIRM |
| https://support.apple.com/en-us/HT6592 | x_refsource_CONFIRM |
Date Public
2014-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2014-11-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2014-11-17-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"
},
{
"name": "appletv-cve20144461-code-exec(98774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "71136",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71136"
},
{
"name": "1031231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT204420"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT204418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT6592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2014-11-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2014-11-17-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"
},
{
"name": "appletv-cve20144461-code-exec(98774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "71136",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71136"
},
{
"name": "1031231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT204420"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT204418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/en-us/HT6592"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-11-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2014-11-17-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"
},
{
"name": "appletv-cve20144461-code-exec(98774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98774"
},
{
"name": "https://support.apple.com/en-us/HT6590",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "71136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71136"
},
{
"name": "1031231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031231"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "https://support.apple.com/en-us/HT204420",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204420"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "https://support.apple.com/en-us/HT204418",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204418"
},
{
"name": "https://support.apple.com/en-us/HT6592",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6592"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4461",
"datePublished": "2014-11-18T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4481 (GCVE-0-2014-4481)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031650 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4481",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4483 (GCVE-0-2014-4483)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031650 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4483",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4484 (GCVE-0-2014-4484)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031650 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4484",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4485 (GCVE-0-2014-4485)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031650 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4485",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4486 (GCVE-0-2014-4486)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-30T09:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4486",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4487 (GCVE-0-2014-4487)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031650 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4487",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4488 (GCVE-0-2014-4488)
Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20
VLAI
EPSS
VEX
Summary
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://support.apple.com/HT204245 | x_refsource_CONFIRM |
| http://support.apple.com/HT204246 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031650 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/HT204244 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4488",
"datePublished": "2015-01-30T11:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…