
CVE-2014-4438 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4438
17 Oct 2014 — Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2014-4434 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4434
17 Oct 2014 — The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Ap... • https://packetstorm.news/files/id/134091 • CWE-20: Improper Input Validation

CVE-2014-3660 – libxml2: denial of service via recursive entity expansion
https://notcve.org/view.php?id=CVE-2014-3660
17 Oct 2014 — parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-400: Uncontrolled Resource Consumption

CVE-2014-4428 – Apple Security Advisory 2014-10-20-1
https://notcve.org/view.php?id=CVE-2014-4428
17 Oct 2014 — Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulner... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues

CVE-2014-4426 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4426
17 Oct 2014 — AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overf... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4436 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4436
17 Oct 2014 — IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-4435 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4435
17 Oct 2014 — The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-287: Improper Authentication

CVE-2014-4439 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4439
17 Oct 2014 — Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4417 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4417
17 Oct 2014 — Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-20: Improper Input Validation

CVE-2014-4351 – Apple Security Advisory 2014-10-22-1
https://notcve.org/view.php?id=CVE-2014-4351
17 Oct 2014 — Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP f... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer