CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2014

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2014-1419 362 +Priv 2014-07-24 2017-01-07
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.
552 CVE-2014-1383 264 Bypass 2014-07-01 2019-03-08
5.5
None Remote Low ??? Partial Partial None
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.
553 CVE-2014-1382 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
554 CVE-2014-1381 264 DoS Exec Code 2014-07-01 2015-12-22
10.0
None Remote Low Not required Complete Complete Complete
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
555 CVE-2014-1380 264 Bypass 2014-07-01 2015-12-22
2.6
None Local High Not required Partial Partial None
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input.
556 CVE-2014-1379 DoS +Priv 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.
557 CVE-2014-1378 264 Bypass 2014-07-01 2015-12-22
2.1
None Local Low Not required Partial None None
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
558 CVE-2014-1377 Exec Code 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.
559 CVE-2014-1376 264 Exec Code 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
560 CVE-2014-1375 264 Bypass 2014-07-01 2015-12-22
2.1
None Local Low Not required Partial None None
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
561 CVE-2014-1373 264 Exec Code 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
562 CVE-2014-1372 264 Bypass +Info 2014-07-01 2015-11-20
4.9
None Local Low Not required Complete None None
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.
563 CVE-2014-1371 119 DoS Exec Code Overflow 2014-07-01 2015-12-22
7.5
None Remote Low Not required Partial Partial Partial
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
564 CVE-2014-1370 119 DoS Exec Code Overflow 2014-07-01 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
565 CVE-2014-1369 20 2014-07-01 2015-12-08
4.3
None Remote Medium Not required Partial None None
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.
566 CVE-2014-1368 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
567 CVE-2014-1367 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
568 CVE-2014-1366 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
569 CVE-2014-1365 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
570 CVE-2014-1364 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
571 CVE-2014-1363 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
572 CVE-2014-1362 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
573 CVE-2014-1361 200 +Info 2014-07-01 2019-03-08
5.0
None Remote Low Not required Partial None None
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.
574 CVE-2014-1360 20 Bypass 2014-07-01 2017-01-07
2.1
None Local Low Not required None Partial None
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
575 CVE-2014-1359 189 Exec Code 2014-07-01 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
576 CVE-2014-1358 189 Exec Code Overflow 2014-07-01 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
577 CVE-2014-1357 119 Exec Code Overflow 2014-07-01 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
578 CVE-2014-1356 119 Exec Code Overflow 2014-07-01 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
579 CVE-2014-1355 DoS 2014-07-01 2019-03-08
4.9
None Local Low Not required None None Complete
The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.
580 CVE-2014-1354 399 DoS Exec Code 2014-07-01 2017-01-07
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.
581 CVE-2014-1353 264 Bypass 2014-07-01 2017-01-07
3.6
None Local Low Not required Partial Partial None
Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.
582 CVE-2014-1352 264 2014-07-01 2017-01-07
1.9
None Local Medium Not required None Partial None
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
583 CVE-2014-1351 264 Bypass 2014-07-01 2017-01-07
3.6
None Local Low Not required Partial Partial None
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
584 CVE-2014-1350 264 Bypass 2014-07-01 2017-01-07
4.6
None Local Low Not required Partial Partial Partial
Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
585 CVE-2014-1349 DoS Exec Code 2014-07-01 2017-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
586 CVE-2014-1348 310 +Info 2014-07-01 2017-01-07
2.1
None Local Low Not required Partial None None
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.
587 CVE-2014-1345 2014-07-01 2017-01-07
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
588 CVE-2014-1340 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1.
589 CVE-2014-1325 119 DoS Exec Code Overflow Mem. Corr. 2014-07-01 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
590 CVE-2014-1317 200 +Info 2014-07-01 2015-12-22
2.1
None Local Low Not required Partial None None
iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.
591 CVE-2014-0970 20 2014-07-19 2017-08-29
3.5
None Remote Medium ??? None Partial None
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors.
592 CVE-2014-0968 79 XSS 2014-07-19 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document.
593 CVE-2014-0967 79 XSS 2014-07-19 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
594 CVE-2014-0957 79 XSS 2014-07-18 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.
595 CVE-2014-0948 Exec Code 2014-07-30 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.
596 CVE-2014-0947 Exec Code 2014-07-30 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.
597 CVE-2014-0915 79 XSS 2014-07-30 2018-10-09
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
598 CVE-2014-0914 79 XSS 2014-07-30 2018-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
599 CVE-2014-0894 200 +Info 2014-07-07 2018-10-09
3.5
None Remote Medium ??? Partial None None
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.
600 CVE-2014-0889 79 XSS 2014-07-29 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Total number of vulnerabilities : 654   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.