CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-4486
https://notcve.org/view.php?id=CVE-2014-4486
28 Jan 2015 — IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. IOAcceleratorFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no maneja correctamente las listas de recursos y los tipos de cliente usuario de IOService, lo que permite... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-4487
https://notcve.org/view.php?id=CVE-2014-4487
28 Jan 2015 — Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de buffer en IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4488
https://notcve.org/view.php?id=CVE-2014-4488
28 Jan 2015 — IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no valida correctamente los metadatos de la cola de recursos, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación man... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4489
https://notcve.org/view.php?id=CVE-2014-4489
28 Jan 2015 — IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no inicializa correctamente las colas de eventos, lo que permite a atacantes ejecutar código arbitrario o causar una denegación... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4491
https://notcve.org/view.php?id=CVE-2014-4491
28 Jan 2015 — The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Las APIs de extensiónTen el kernel en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no previene la presencia de direcciones dentro de una clave OSBundleMachOHeaders en una ... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 3CVE-2014-4492 – Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape
https://notcve.org/view.php?id=CVE-2014-4492
28 Jan 2015 — libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esp... • https://www.exploit-db.com/exploits/35847 • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-4495
https://notcve.org/view.php?id=CVE-2014-4495
28 Jan 2015 — The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. El kernel en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no fuerza el atributo de sólo lectura de un segmento de memoria compartida durante el uso de un modo de caché 'custom', lo que permite a ... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 32CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://www.exploit-db.com/exploits/35951 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 18%CPEs: 3EXPL: 0CVE-2014-4484 – Apple Mac OS X DFont Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4484
27 Jan 2015 — FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero .dfont manip... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 1%CPEs: 32EXPL: 3CVE-2015-0973
https://notcve.org/view.php?id=CVE-2015-0973
18 Jan 2015 — Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. Desbordamiento de buffer en la función png_read_IDAT_data en pngrutil.c en libpng anterior a 1.5.21 y 1.6.x anterior a 1.6.16 permite a atacantes dependientes de contexto ejecutar código arbitrario a través de datos IDAT con una anchura grande, una vulnerabi... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •