
CVE-2014-8839 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8839
28 Jan 2015 — Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. • http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4491 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4491
28 Jan 2015 — The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-8826 – Apple Mac OSX < 10.10.x - GateKeeper Bypass
https://notcve.org/view.php?id=CVE-2014-8826
28 Jan 2015 — LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to ... • https://packetstorm.news/files/id/130147 • CWE-19: Data Processing Errors

CVE-2014-8829 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8829
28 Jan 2015 — SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various ot... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-4497 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-4497
28 Jan 2015 — Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-189: Numeric Errors

CVE-2014-8821 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8821
28 Jan 2015 — The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache c... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

CVE-2014-8833 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8833
28 Jan 2015 — SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-284: Improper Access Control

CVE-2014-8828 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8828
28 Jan 2015 — Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer ove... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-8836 – OS X IOKit Kernel Memory Corruption
https://notcve.org/view.php?id=CVE-2014-8836
28 Jan 2015 — The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. OS X 10.10.2 and Security Update 2015-001 are... • https://packetstorm.news/files/id/133602 • CWE-20: Improper Input Validation

CVE-2014-4489 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4489
28 Jan 2015 — IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html