CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8829 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8829
28 Jan 2015 — SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. SceneKit en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (escritura fuera de rango) a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various ot... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8831 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8831
28 Jan 2015 — security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. security_taskgate en Apple OS X anterior a 10.10.2 permite a atacantes leer elementos de la cadena de claves group-ACL-restricted de aplicaciones arbitrarias a través de una aplicación manipulada con una firma de un certficado (1) auto firmado o (2) desarollador de identificaciones.... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4489 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4489
28 Jan 2015 — IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no inicializa correctamente las colas de eventos, lo que permite a atacantes ejecutar código arbitrario o causar una denegación... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8839 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8839
28 Jan 2015 — Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Spotlight en Apple OS X anterior a 10.10.2 no fuerza la configuración de correo 'Cargar contenido remoto en mensajes', lo que permite a atacantes remotos descubrir direcciones IP recipientes mediante la inclusión de una imagen 'in... • http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 0CVE-2014-4483 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4483
28 Jan 2015 — Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. Desbordamiento de buffer en FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un fic... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 4CVE-2014-4492 – Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape
https://notcve.org/view.php?id=CVE-2014-4492
28 Jan 2015 — libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esp... • https://packetstorm.news/files/id/134393 • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2014-8817 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8817
28 Jan 2015 — coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. coresymbolicationd en CoreSymbolication en Apple OS X anterior a ... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 2CVE-2014-8836 – OS X IOKit Kernel Memory Corruption
https://notcve.org/view.php?id=CVE-2014-8836
28 Jan 2015 — The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. El controlador Bluetooth en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (bzero de tamaño arbitrario de la memoria del kernel) a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are... • https://packetstorm.news/files/id/133602 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 18%CPEs: 3EXPL: 0CVE-2014-4484 – Apple Mac OS X DFont Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4484
27 Jan 2015 — FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero .dfont manip... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 39CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •