Lista CVE - 2014 / Settembre
Visualizzazione 601 - 700 di 1146 CVE per Settembre 2014 (Pagina 7 di 12)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2014-4353 | 2014-09-18 | Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage... |
| CVE-2014-4354 | 2014-09-18 | Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. |
| CVE-2014-4356 | 2014-09-18 | Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this... |
| CVE-2014-4357 | 2014-09-18 | Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in... |
| CVE-2014-4361 | 2014-09-18 | The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by... |
| CVE-2014-4362 | 2014-09-18 | The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted... |
| CVE-2014-4363 | 2014-09-18 | Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site,... |
| CVE-2014-4364 | 2014-09-18 | The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication... |
| CVE-2014-4366 | 2014-09-18 | Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the... |
| CVE-2014-4367 | 2014-09-18 | Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. |
| CVE-2014-4368 | 2014-09-18 | The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. |
| CVE-2014-4369 | 2014-09-18 | The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an... |
| CVE-2014-4371 | 2014-09-18 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout... |
| CVE-2014-4372 | 2014-09-18 | syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on... |
| CVE-2014-4373 | 2014-09-18 | The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device... |
| CVE-2014-4374 | 2014-09-18 | NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to... |
| CVE-2014-4375 | 2014-09-18 | Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related... |
| CVE-2014-4377 | 2014-09-18 | Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via... |
| CVE-2014-4378 | 2014-09-18 | CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via... |
| CVE-2014-4379 | 2014-09-18 | An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the... |
| CVE-2014-4380 | 2014-09-18 | The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the... |
| CVE-2014-4381 | 2014-09-18 | Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted... |
| CVE-2014-4383 | 2014-09-18 | The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. |
| CVE-2014-4384 | 2014-09-18 | Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. |
| CVE-2014-4386 | 2014-09-18 | Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. |
| CVE-2014-4388 | 2014-09-18 | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via... |
| CVE-2014-4389 | 2014-09-18 | Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted... |
| CVE-2014-4405 | 2014-09-18 | IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference)... |
| CVE-2014-4407 | 2014-09-18 | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes... |
| CVE-2014-4408 | 2014-09-18 | The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read... |
| CVE-2014-4409 | 2014-09-18 | WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had... |
| CVE-2014-4410 | 2014-09-18 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... |
| CVE-2014-4411 | 2014-09-18 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... |
| CVE-2014-4412 | 2014-09-18 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... |
| CVE-2014-4413 | 2014-09-18 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... |
| CVE-2014-4414 | 2014-09-18 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... |
| CVE-2014-4415 | 2014-09-18 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... |
| CVE-2014-4418 | 2014-09-18 | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via... |
| CVE-2014-4419 | 2014-09-18 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout... |
| CVE-2014-4420 | 2014-09-18 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout... |
| CVE-2014-4421 | 2014-09-18 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout... |
| CVE-2014-4422 | 2014-09-18 | The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to... |
| CVE-2014-4423 | 2014-09-18 | The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. |
| CVE-2014-4819 | 2014-09-18 | The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the... |
| CVE-2014-4820 | 2014-09-18 | Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4824 | 2014-09-18 | SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-4826 | 2014-09-18 | IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
| CVE-2014-5317 | 2014-09-18 | Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers... |
| CVE-2014-5411 | 2014-09-18 | Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting |
| CVE-2014-5412 | 2014-09-18 | Schneider Electric SCADA Expert ClearSCADA Improper Authentication |
| CVE-2014-5413 | 2014-09-18 | Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues |
| CVE-2014-5919 | 2014-09-18 | The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-5920 | 2014-09-18 | The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5921 | 2014-09-18 | The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-5922 | 2014-09-18 | The ga6748 (aka com.g.ga6748) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5923 | 2014-09-18 | The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5924 | 2014-09-18 | The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5925 | 2014-09-18 | The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-5926 | 2014-09-18 | The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5927 | 2014-09-18 | The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-5928 | 2014-09-18 | The Steganos Online Shield VPN (aka com.steganos.onlineshield) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-5929 | 2014-09-18 | The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5930 | 2014-09-18 | The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5931 | 2014-09-18 | The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain... |
| CVE-2014-5932 | 2014-09-18 | The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5933 | 2014-09-18 | The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5934 | 2014-09-18 | The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5935 | 2014-09-18 | The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-5936 | 2014-09-18 | The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5937 | 2014-09-18 | The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5938 | 2014-09-18 | The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-5939 | 2014-09-18 | The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5940 | 2014-09-18 | The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5941 | 2014-09-18 | The Armpit Spa & Girl Games (aka com.freegames.spamakeover) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-5942 | 2014-09-18 | The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5943 | 2014-09-18 | The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-5944 | 2014-09-18 | The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5945 | 2014-09-18 | The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5946 | 2014-09-18 | The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application 3.4.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5947 | 2014-09-18 | The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5948 | 2014-09-18 | The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5949 | 2014-09-18 | The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain... |
| CVE-2014-5950 | 2014-09-18 | The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5951 | 2014-09-18 | The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5952 | 2014-09-18 | The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5953 | 2014-09-18 | The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-5954 | 2014-09-18 | The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5955 | 2014-09-18 | The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-5956 | 2014-09-18 | The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-5957 | 2014-09-18 | The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-4404 | 2014-09-18 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides... |
| CVE-2006-1318 | 2014-09-19 | Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote... |
| CVE-2014-1391 | 2014-09-19 | QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted... |
| CVE-2014-4350 | 2014-09-19 | Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted... |
| CVE-2014-4376 | 2014-09-19 | IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an... |
| CVE-2014-4390 | 2014-09-19 | Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. |
| CVE-2014-4393 | 2014-09-19 | Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of... |
| CVE-2014-4394 | 2014-09-19 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code... |
| CVE-2014-4395 | 2014-09-19 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code... |
| CVE-2014-4396 | 2014-09-19 | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code... |