CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7401 CVE-2014-4483 119 DoS Exec Code Overflow 2015-01-30 2015-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
7402 CVE-2014-4481 189 DoS Exec Code Overflow 2015-01-30 2015-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
7403 CVE-2014-4479 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
7404 CVE-2014-4477 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
7405 CVE-2014-4476 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
7406 CVE-2014-4475 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7407 CVE-2014-4474 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7408 CVE-2014-4473 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7409 CVE-2014-4472 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7410 CVE-2014-4471 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7411 CVE-2014-4470 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7412 CVE-2014-4469 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7413 CVE-2014-4468 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
7414 CVE-2014-4459 Exec Code 2014-11-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
7415 CVE-2014-4449 310 +Info 2014-10-22 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
7416 CVE-2014-4441 264 2014-10-17 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.
7417 CVE-2014-4438 362 2014-10-17 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
7418 CVE-2014-4437 264 Bypass 2014-10-17 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
7419 CVE-2014-4422 310 Bypass 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
7420 CVE-2014-4416 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401.
7421 CVE-2014-4415 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
7422 CVE-2014-4414 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
7423 CVE-2014-4413 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
7424 CVE-2014-4412 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
7425 CVE-2014-4411 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
7426 CVE-2014-4410 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
7427 CVE-2014-4408 119 DoS Overflow +Priv 2014-09-18 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
7428 CVE-2014-4401 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416.
7429 CVE-2014-4400 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416.
7430 CVE-2014-4399 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
7431 CVE-2014-4398 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
7432 CVE-2014-4397 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
7433 CVE-2014-4396 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
7434 CVE-2014-4395 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
7435 CVE-2014-4394 20 Exec Code 2014-09-19 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
7436 CVE-2014-4391 310 Exec Code Bypass 2014-10-17 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.
7437 CVE-2014-4377 189 DoS Exec Code Overflow 2014-09-18 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
7438 CVE-2014-4368 264 2014-09-18 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
7439 CVE-2014-4351 119 DoS Exec Code Overflow 2014-10-17 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
7440 CVE-2014-4350 119 DoS Exec Code Overflow 2014-09-19 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
7441 CVE-2014-4333 352 Sql CSRF 2014-06-19 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
7442 CVE-2014-4267 2014-07-17 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components.
7443 CVE-2014-4261 2014-07-17 2018-10-09
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
7444 CVE-2014-4258 2014-07-17 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
7445 CVE-2014-4255 2014-07-17 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.
7446 CVE-2014-4254 2014-07-17 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.
7447 CVE-2014-4236 2014-07-17 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
7448 CVE-2014-4225 2014-07-17 2018-10-09
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.
7449 CVE-2014-4209 2014-07-17 2018-10-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
7450 CVE-2014-4199 59 2014-08-28 2017-08-28
6.3
None Local Medium Not required None Complete Complete
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.