var-201409-0471
Vulnerability from variot
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. Apple iOS and TV are prone to multiple security vulnerabilities. These issues affect the following components: 802.1X, Accounts, Accessibility, Accounts Framework, Address Book, App Installation, Assets, Bluetooth, CoreGraphics, Foundation, Home & Lock Screen, iMessage, IOAcceleratorFamily, IOAcceleratorFamily, IOHIDFamily, IOHIDFamily, IOKit, Kernel, Libnotify, Mail, Profiles, Safari, Sandbox Profiles, syslog and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. This BID is being retired. The following individual records exist to better document the issues: 69913 Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability 69917 Apple iOS CVE-2014-4423 Information Disclosure Vulnerability 69926 Apple iOS Lock Screen CVE-2014-4368 Security Bypass Vulnerability 69930 Apple iOS and TV CVE-2014-4357 Local Information Disclosure Security Vulnerability 69932 Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability 69936 Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability 69940 Apple iOS CVE-2014-4384 Local Privilege Escalation Vulnerability 69941 Apple iOS and TV CVE-2014-4383 Security Bypass Vulnerability 69943 Apple iOS CVE-2014-4354 Unspecified Security Vulnerability 69903 Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability 69915 Apple TV/Mac OS X/iOS CVE-2014-4378 Out of Bounds Read Memory Corruption Vulnerability 69905 Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability 69921 Apple TV/Mac OS X/iOS CVE-2014-4379 Out of Bounds Read Memory Corruption Vulnerability 69929 Apple TV and iOS CVE-2014-4369 NULL Pointer Dereference Denial of Service Vulnerability 69934 Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability 69938 Apple TV and iOS CVE-2014-4405 NULL Pointer Dereference Remote Code Execution Vulnerability 69942 Apple TV and iOS CVE-2014-4380 Out of Bounds Read Write Remote Code Execution Vulnerability 69947 Apple TV and iOS CVE-2014-4404 Heap Based Buffer Overflow Vulnerability 69949 Apple iOS CVE-2014-4361 Security Bypass Vulnerability 69951 Apple iOS CVE-2014-4353 Race Condition Local Information Disclosure Vulnerability 69912 Apple iOS and TV CVE-2014-4407 Information Disclosure Security Vulnerability 69919 Apple iOS and TV CVE-2014-4371 Unspecified Security Vulnerability 69924 Apple iOS and TV CVE-2014-4421 Unspecified Security Vulnerability 69927 Apple iOS and TV CVE-2014-4420 Unspecified Security Vulnerability 69928 Apple iOS and TV CVE-2014-4419 Unspecified Security Vulnerability 69939 Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability 69944 Apple iOS and TV CVE-2014-4375 Local Memory Corruption Vulnerability 69946 Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability 69948 Apple TV/Mac OS X/iOS CVE-2014-4388 Remote Code Execution Vulnerability 69950 Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability 69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability 69911 Apple iOS and TV CVE-2014-4422 Security Bypass Vulnerability 69931 Apple TV/Mac OS X/iOS CVE-2014-4381 Arbitrary Code Execution Vulnerability 69914 Apple iOS CVE-2014-4366 Information Disclosure Vulnerability 69945 Apple iOS CVE-2014-4367 Security Vulnerability 69920 Apple iOS CVE-2014-4362 Information Disclosure Vulnerability 69922 Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability 69923 Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability 69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability. Successfully exploiting this issue can allow attackers to elevate privileges and and install unverified applications. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A local attacker could exploit this vulnerability to install unauthenticated applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0471",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8 (ipod touch first 5 after generation )"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
}
],
"sources": [
{
"db": "BID",
"id": "69882"
},
{
"db": "BID",
"id": "69940"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte, Adam Weaver, Hendrik Bettermann, Heli Myllykoski, Jonathan Zdziarski, evad3rs, Raul Siles of DinoSec, Maneet Singh, Sean Bluestein, Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partne",
"sources": [
{
"db": "BID",
"id": "69882"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-4384",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-72324",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4384",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2014-4384",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-630",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-72324",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72324"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. Apple iOS and TV are prone to multiple security vulnerabilities. These issues affect the following components:\n802.1X, Accounts, Accessibility, Accounts Framework, Address Book, App Installation, Assets, Bluetooth, CoreGraphics, Foundation, Home \u0026amp; Lock Screen, iMessage, IOAcceleratorFamily, IOAcceleratorFamily, IOHIDFamily, IOHIDFamily, IOKit, Kernel, Libnotify, Mail, Profiles, Safari, Sandbox Profiles, syslog and WebKit components. \nSuccessfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. \nThis BID is being retired. The following individual records exist to better document the issues:\n69913 Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability\n69917 Apple iOS CVE-2014-4423 Information Disclosure Vulnerability\n69926 Apple iOS Lock Screen CVE-2014-4368 Security Bypass Vulnerability\n69930 Apple iOS and TV CVE-2014-4357 Local Information Disclosure Security Vulnerability\n69932 Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability\n69936 Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability\n69940 Apple iOS CVE-2014-4384 Local Privilege Escalation Vulnerability\n69941 Apple iOS and TV CVE-2014-4383 Security Bypass Vulnerability\n69943 Apple iOS CVE-2014-4354 Unspecified Security Vulnerability\n69903 Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability\n69915 Apple TV/Mac OS X/iOS CVE-2014-4378 Out of Bounds Read Memory Corruption Vulnerability\n69905 Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability\n69921 Apple TV/Mac OS X/iOS CVE-2014-4379 Out of Bounds Read Memory Corruption Vulnerability\n69929 Apple TV and iOS CVE-2014-4369 NULL Pointer Dereference Denial of Service Vulnerability\n69934 Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability\n69938 Apple TV and iOS CVE-2014-4405 NULL Pointer Dereference Remote Code Execution Vulnerability\n69942 Apple TV and iOS CVE-2014-4380 Out of Bounds Read Write Remote Code Execution Vulnerability\n69947 Apple TV and iOS CVE-2014-4404 Heap Based Buffer Overflow Vulnerability\n69949 Apple iOS CVE-2014-4361 Security Bypass Vulnerability\n69951 Apple iOS CVE-2014-4353 Race Condition Local Information Disclosure Vulnerability\n69912 Apple iOS and TV CVE-2014-4407 Information Disclosure Security Vulnerability\n69919 Apple iOS and TV CVE-2014-4371 Unspecified Security Vulnerability\n69924 Apple iOS and TV CVE-2014-4421 Unspecified Security Vulnerability\n69927 Apple iOS and TV CVE-2014-4420 Unspecified Security Vulnerability\n69928 Apple iOS and TV CVE-2014-4419 Unspecified Security Vulnerability\n69939 Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability\n69944 Apple iOS and TV CVE-2014-4375 Local Memory Corruption Vulnerability\n69946 Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability\n69948 Apple TV/Mac OS X/iOS CVE-2014-4388 Remote Code Execution Vulnerability\n69950 Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability\n69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability\n69911 Apple iOS and TV CVE-2014-4422 Security Bypass Vulnerability\n69931 Apple TV/Mac OS X/iOS CVE-2014-4381 Arbitrary Code Execution Vulnerability\n69914 Apple iOS CVE-2014-4366 Information Disclosure Vulnerability\n69945 Apple iOS CVE-2014-4367 Security Vulnerability\n69920 Apple iOS CVE-2014-4362 Information Disclosure Vulnerability\n69922 Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability\n69923 Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability\n69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability. \nSuccessfully exploiting this issue can allow attackers to elevate privileges and and install unverified applications. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A local attacker could exploit this vulnerability to install unauthenticated applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4384"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "BID",
"id": "69940"
},
{
"db": "VULHUB",
"id": "VHN-72324"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4384",
"trust": 2.8
},
{
"db": "BID",
"id": "69882",
"trust": 1.4
},
{
"db": "BID",
"id": "69940",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1030866",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93868849",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72324",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72324"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "BID",
"id": "69940"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"id": "VAR-201409-0471",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72324"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:16:56.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6441",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6441"
},
{
"title": "HT6441",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6441?viewlocale=ja_JP"
},
{
"title": "AppleTV3,2_7.0_12A365b_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51554"
},
{
"title": "iPhone7,2_8.0_12A365_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51553"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72324"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/69882"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/69940"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht6441"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030866"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96087"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4384"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93868849/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4384"
},
{
"trust": 0.6,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72324"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "BID",
"id": "69940"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72324"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "BID",
"id": "69940"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-72324"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69882"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69940"
},
{
"date": "2014-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"date": "2014-09-18T10:55:09.657000",
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-72324"
},
{
"date": "2014-09-23T00:01:00",
"db": "BID",
"id": "69882"
},
{
"date": "2015-03-19T08:10:00",
"db": "BID",
"id": "69940"
},
{
"date": "2014-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004311"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-630"
},
{
"date": "2024-11-21T02:10:05.460000",
"db": "NVD",
"id": "CVE-2014-4384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69940"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS Directory traversal vulnerability in the application installation function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004311"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-630"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…