CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 5CVE-2014-8826 – Apple Mac OSX < 10.10.x - GateKeeper Bypass
https://notcve.org/view.php?id=CVE-2014-8826
28 Jan 2015 — LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. LaunchServices en Apple OS X anterior a 10.10.2 no maneja correctamente los metadatos de tipos de ficheros, lo que permite a atacantes evadir el mecanismo de protección Gatekeeper a través de un archive JAR manipulado. A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to ... • https://packetstorm.news/files/id/130147 • CWE-19: Data Processing Errors •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8827 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8827
28 Jan 2015 — LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. LoginWindow en Apple OS X anterior a 10.10.2 no pasa al estado de bloqueo de pantalla inmediatamente cuando se reactiva el ordenador después de un descanso, lo que permite a atacantes físicamente próximos obtener información sensible mediante la lectura de la pantalla. OS X 10.10.2 and... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8828 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8828
28 Jan 2015 — Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. Sandbox en Apple OS X anterior a 10.10 permite a atacantes escribir al caché del prefil de las sandbox a través de una aplicación en una sandbox que incluye un segmento com.apple.sandbox en una ruta. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer ove... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8829 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8829
28 Jan 2015 — SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. SceneKit en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (escritura fuera de rango) a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various ot... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-8830 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2014-8830
28 Jan 2015 — Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. Desbordamiento de buffer basado en memoria dinámica en SceneKit en Apple OS X anterior a 10.10.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un elemento de acceso manipulado en un fichero Collada. OS X 10.10.2 and ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8831 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8831
28 Jan 2015 — security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. security_taskgate en Apple OS X anterior a 10.10.2 permite a atacantes leer elementos de la cadena de claves group-ACL-restricted de aplicaciones arbitrarias a través de una aplicación manipulada con una firma de un certficado (1) auto firmado o (2) desarollador de identificaciones.... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8832 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8832
28 Jan 2015 — The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. OS X 10.10.2 and Security Update 2015-001 are now availabl... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8833 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8833
28 Jan 2015 — SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. SpotlightIndex en Apple OS X anterior a 10.10.2 no realiza correctamente la deserialización durante el acceso a un caché de permisos, lo que permite a usuarios locales leer los resultados asociados con los ficheros protegidos de otros usuarios a través de una consulta Spot... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8834 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8834
28 Jan 2015 — UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. UserAccountUpdater en Apple OS X 10.10 anterior a 10.10.2 almacena la contraseña de un documento PDF en un fichero de preferencia de impresión, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. OS X 10.10.2 and Security Update 2015-001 are now available and address info... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 5CVE-2014-8835 – Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-8835
28 Jan 2015 — The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. La función xpc_data_get_bytes en libxpc en Apple OS X anterior a 10.10.2 no verifica que la clave de atributos de un diccionario tiene el tipo de datos xpc_data, lo que permite a atacantes ejecutar código arbitrario mediante ... • https://packetstorm.news/files/id/135701 • CWE-19: Data Processing Errors •