CVEs from 2014
Total
7,872
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8399 | low | — | 2.1 | 12y ago | The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2014-8537 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. | |||
| CVE-2014-8536 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | |||
| CVE-2014-8534 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. | |||
| CVE-2014-8529 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-8528 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. | |||
| CVE-2014-8526 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | |||
| CVE-2014-8519 | low | — | 2.1 | 12y ago | Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. | |||
| CVE-2014-8518 | low | — | 2.1 | 12y ago | The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, an… | |||
| CVE-2014-6133 | low | — | 2.1 | 12y ago | IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. | |||
| CVE-2014-4620 | low | — | 2.1 | 12y ago | The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, w… | |||
| CVE-2014-5449 | low | — | 2.1 | 12y ago | Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | |||
| CVE-2014-5448 | low | — | 2.1 | 12y ago | Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | |||
| CVE-2014-5447 | low | — | 2.1 | 12y ago | Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerab… | |||
| CVE-2014-4446 | low | — | 2.1 | 12y ago | Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunist… | |||
| CVE-2014-4431 | low | — | 2.1 | 12y ago | Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | |||
| CVE-2014-6551 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. | |||
| CVE-2014-6501 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. | |||
| CVE-2014-6488 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.… | |||
| CVE-2014-5351 | low | — | 2.1 | 12y ago | The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows r… | |||
| CVE-2014-5270 | low | — | 2.1 | 12y ago | Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers … | |||
| CVE-2014-7231 | low | — | 2.1 | 12y ago | OpenStack Oslo utility sensitive information exposure via log files | |||
| CVE-2014-7230 | low | — | 2.1 | 12y ago | The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a Pro… | |||
| CVE-2014-4330 | low | — | 2.1 | 12y ago | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Referenc… | |||
| CVE-2014-3639 | low | — | 2.1 | 12y ago | The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and pre… | |||
| CVE-2014-3638 | low | — | 2.1 | 12y ago | The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of metho… | |||
| CVE-2014-3637 | low | — | 2.1 | 12y ago | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bu… | |||
| CVE-2014-4403 | low | — | 2.1 | 12y ago | The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Glob… | |||
| CVE-2014-4367 | low | — | 2.1 | 12y ago | Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||
| CVE-2014-4357 | low | — | 2.1 | 12y ago | Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | |||
| CVE-2014-4356 | low | — | 2.1 | 12y ago | Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by readi… | |||
| CVE-2014-4352 | low | — | 2.1 | 12y ago | Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | |||
| CVE-2014-3077 | low | — | 2.1 | 12y ago | IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information b… | |||
| CVE-2014-3079 | low | — | 2.1 | 12y ago | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with… | |||
| CVE-2014-4805 | low | — | 2.1 | 12y ago | IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | |||
| CVE-2014-5247 | low | — | 2.1 | 12y ago | The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, … | |||
| CVE-2014-3093 | low | — | 2.1 | 12y ago | IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) pow… | |||
| CVE-2014-5398 | low | — | 2.1 | 12y ago | Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration i… | |||
| CVE-2014-2381 | low | — | 2.1 | 12y ago | Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. | |||
| CVE-2014-5457 | low | — | 2.1 | 12y ago | QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed pass… | |||
| CVE-2014-5456 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbi… | |||
| CVE-2014-5240 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script o… | |||
| CVE-2014-0876 | low | — | 2.1 | 12y ago | Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x … | |||
| CVE-2014-4757 | low | — | 2.1 | 12y ago | The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary … | |||
| CVE-2014-3851 | low | — | 2.1 | 12y ago | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | |||
| CVE-2014-3800 | low | — | 2.1 | 12y ago | XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. | |||
| CVE-2014-0103 | low | — | 2.1 | 12y ago | WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | |||
| CVE-2014-4747 | low | — | 2.1 | 12y ago | The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML… | |||
| CVE-2014-5021 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject a… | |||
| CVE-2014-3533 | low | — | 2.1 | 12y ago | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message… | |||
| CVE-2014-3532 | low | — | 2.1 | 12y ago | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) b… | |||
| CVE-2014-3045 | low | — | 2.1 | 12y ago | IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to o… | |||
| CVE-2014-4222 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to pl… | |||
| CVE-2014-1378 | low | — | 2.1 | 12y ago | IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||
| CVE-2014-1375 | low | — | 2.1 | 12y ago | Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||
| CVE-2014-1360 | low | — | 2.1 | 12y ago | Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism v… | |||
| CVE-2014-1348 | low | — | 2.1 | 12y ago | Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proxima… | |||
| CVE-2014-1317 | low | — | 2.1 | 12y ago | iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||
| CVE-2014-0206 | low | — | 2.1 | 12y ago | Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. | |||
| CVE-2014-4506 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta sett… | |||
| CVE-2014-4303 | low | — | 2.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web… | |||
| CVE-2014-4039 | low | — | 2.1 | 12y ago | ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by rea… | |||
| CVE-2014-3873 | low | — | 2.1 | 12y ago | The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtai… | |||
| CVE-2014-0202 | low | — | 2.1 | 12y ago | The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, whic… | |||
| CVE-2014-0201 | low | — | 2.1 | 12y ago | ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users t… | |||
| CVE-2014-0200 | low | — | 2.1 | 12y ago | The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows loca… | |||
| CVE-2014-0199 | low | — | 2.1 | 12y ago | The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allow… | |||
| CVE-2014-1738 | low | — | 2.1 | 12y ago | The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allo… | |||
| CVE-2014-3123 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, Ne… | |||
| CVE-2014-3426 | low | — | 2.1 | 12y ago | NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. | |||
| CVE-2014-3425 | low | — | 2.1 | 12y ago | NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. | |||
| CVE-2014-0164 | low | — | 2.1 | 12y ago | openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to o… | |||
| CVE-2014-0189 | low | — | 2.1 | 12y ago | virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. | |||
| CVE-2014-0181 | low | — | 2.1 | 12y ago | The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intend… | |||
| CVE-2014-1933 | low | — | 2.1 | 12y ago | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes… | |||
| CVE-2014-0085 | low | — | 2.1 | 12y ago | Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse | |||
| CVE-2014-2466 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors relat… | |||
| CVE-2014-2690 | low | — | 2.1 | 12y ago | Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | |||
| CVE-2014-1279 | low | — | 2.1 | 12y ago | Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data. | |||
| CVE-2014-1274 | low | — | 2.1 | 12y ago | FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | |||
| CVE-2014-2040 | low | — | 2.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer p… | |||
| CVE-2014-2038 | low | — | 2.1 | 12y ago | The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows … | |||
| CVE-2014-1832 | low | — | 2.1 | 13y ago | Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists beca… | |||
| CVE-2014-1604 | low | — | 2.1 | 13y ago | RPLY Predictable Tmpfile Names Allows Cache Spoofing | |||
| CVE-2014-0647 | low | — | 2.1 | 13y ago | The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which al… | |||
| CVE-2014-1831 | low | — | 2.1 | 13y ago | Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | |||
| CVE-2014-0979 | low | — | 2.1 | 13y ago | The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, wh… | |||
| CVE-2014-1445 | low | — | 2.1 | 13y ago | The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information f… | |||
| CVE-2014-1234 | low | — | 2.1 | 13y ago | Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor | |||
| CVE-2014-1233 | low | — | 2.1 | 13y ago | Local API Login Credentials Disclosure in paratrooper-pingdom | |||
| CVE-2014-8923 | low | — | 1.9 | 11y ago | The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, w… | |||
| CVE-2014-6195 | low | — | 1.9 | 11y ago | The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6… | |||
| CVE-2014-5233 | low | — | 1.9 | 12y ago | The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. | |||
| CVE-2014-5232 | low | — | 1.9 | 12y ago | The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. | |||
| CVE-2014-7170 | low | — | 1.9 | 12y ago | Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. | |||
| CVE-2014-8595 | low | — | 1.9 | 12y ago | arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a craf… | |||
| CVE-2014-6146 | low | — | 1.9 | 12y ago | IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitiv… | |||
| CVE-2014-3636 | low | — | 1.9 | 12y ago | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of… | |||
| CVE-2014-4450 | low | — | 1.9 | 12y ago | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discove… | |||
| CVE-2014-4448 | low | — | 1.9 | 12y ago | House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents direc… |