CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 1CVE-2014-4481 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4481
28 Jan 2015 — Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Desbordamiento de enteros en CoreGraphics en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 pemite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un documento PDF... • https://github.com/feliam/CVE-2014-4481 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-4495 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4495
28 Jan 2015 — The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. El kernel en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no fuerza el atributo de sólo lectura de un segmento de memoria compartida durante el uso de un modo de caché 'custom', lo que permite a ... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8831 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8831
28 Jan 2015 — security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. security_taskgate en Apple OS X anterior a 10.10.2 permite a atacantes leer elementos de la cadena de claves group-ACL-restricted de aplicaciones arbitrarias a través de una aplicación manipulada con una firma de un certficado (1) auto firmado o (2) desarollador de identificaciones.... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4488 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4488
28 Jan 2015 — IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no valida correctamente los metadatos de la cola de recursos, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación man... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8819 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8819
28 Jan 2015 — The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. Intel Graphics Driver en Apple OS X anterior a 10.10.2 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-8820 y CVE-2014-8821. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache c... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4499 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-4499
28 Jan 2015 — The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. El proceso App Store en CommerceKit Framework en Apple OS X anterior a 10.10.2 coloca las credenciales de identificación de Apple en los registros de App Store, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. OS X 10.10.2 and Security Update 2015-001 are now avai... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8837 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8837
28 Jan 2015 — Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples vulnerabilidades no especificadas en el controlador Bluetooth en Apple OS X anterior a 10.10.2 permiten a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execut... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html •
CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 0CVE-2014-4483 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4483
28 Jan 2015 — Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. Desbordamiento de buffer en FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un fic... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-4487 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4487
28 Jan 2015 — Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de buffer en IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are now available and address... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8832 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8832
28 Jan 2015 — The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. OS X 10.10.2 and Security Update 2015-001 are now availabl... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •