CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4435 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4435
17 Oct 2014 — The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. La característica 'iCloud Find My Mac' en Apple OS X anterior a 10.10 no fuerza debidamente el límite de velocidad en la entrada del PIN en el modo perdido, lo que facilita a atacantes físicamente próximos obtener acceso a través de un ataque de fuerza bruta... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4441 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4441
17 Oct 2014 — NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. NetFS Client Framework en Apple OS X anterior a 10.10 no asegura que la deshabilitación de ficheros compartidos sea siempre posible, lo que permite a atacantes remotos leer o escribir en ficheros mediante el aprovechamiento de un estado en que el compartir ficheros e... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-4351 – Apple Security Advisory 2014-10-22-1
https://notcve.org/view.php?id=CVE-2014-4351
17 Oct 2014 — Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. Desbordamiento de buffer en QuickTime para Apple OS X anterior a 10.10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de muestras manipuladas de audio en un archivo m4a. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP f... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4438 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4438
17 Oct 2014 — Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Condición de carrera en LoginWindow en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos obtener acceso mediante el aprovechamiento de una estación de trabajo desatendida en la cual se ha intentado bloquear la pantalla. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4427 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4427
17 Oct 2014 — App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 3%CPEs: 1EXPL: 0CVE-2014-4391 – Apple OS X GateKeeper Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-4391
17 Oct 2014 — The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource. La característica Firma de Código (Code Signing) en Apple OS X anterior a 10.10 no maneja debidamente los recursos incompletos en grupos firmados, lo que permite a atacantes remotos evadir las restricciones de app-author omitiendo un recurso relacionado con la ejecución... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4433 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4433
17 Oct 2014 — Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Desbordamiento de buffer basado en memoria dinámica en el kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos ejecutar código arbitrario a través de bifurcaciones de recurso manipuladas en un sistema de ficheros HFS. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, Ap... • https://packetstorm.news/files/id/134091 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4430 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4430
17 Oct 2014 — CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. CoreStorage en Apple OS X anterior a 10.10 retiene una clave de cifrado del volumen hasta la acción de expulsión en el estado de desbloqueo, lo que facilita a un atacante físicamente próximo obtener datos en claro al volver a montar la unidad. OS X Yosemite v10.10 is now available and addresses 8... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-4417 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4417
17 Oct 2014 — Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. Safari en Apple OS X anterior a 10.10 permite a atacantes remotos causar una denegación de servicio (interrupción de las notificaciones Push globales) a través de un sitio web que lance una excepción SafariNotificationAgent sin capturar enviando una notificación Push man... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4425 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4425
17 Oct 2014 — CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. CFPreferences en Apple OS X anterior a 10.10 no fuerza correctamente la configuración 'requerir contraseña tras el comienzo del reposo o salvapantallas', lo que facilita a atacantes físicamente próximos obtener acceso a una estación de trabajo desatendida. OS X Y... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-287: Improper Authentication •