CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4430 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4430
17 Oct 2014 — CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. CoreStorage en Apple OS X anterior a 10.10 retiene una clave de cifrado del volumen hasta la acción de expulsión en el estado de desbloqueo, lo que facilita a un atacante físicamente próximo obtener datos en claro al volver a montar la unidad. OS X Yosemite v10.10 is now available and addresses 8... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4427 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4427
17 Oct 2014 — App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4442 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4442
17 Oct 2014 — The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. El kernel en Apple OS X anterior a 10.10 permite a usuarios locales causar una denegación de servicio (kernel panic) a través de un mensaje hacia un socket de control del sistema. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4432 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4432
17 Oct 2014 — fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. fdesetup en Apple OS X anterior a 10.10 no muestra correctamente el estado de cifrado entre una acción de actualización de la configuración y una acción de reinicio, lo que podría facilitar a un atacante físicamente próximo obtener da... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 3CVE-2014-7185 – python: buffer() integer overflow leading to out of bounds read
https://notcve.org/view.php?id=CVE-2014-7185
08 Oct 2014 — Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'. An integer overflow flaw was found in the way the buffer() function handl... • http://bugs.python.org/issue21831 • CWE-189: Numeric Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4373 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4373
17 Sep 2014 — The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. El controlador IntelAccelerator en el subsistema IOAcceleratorFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación manipulada. Apple TV 7 is now ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 2CVE-2014-4377 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4377
17 Sep 2014 — Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Desbordamiento de entero en CoreGraphics en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (cuelgue de la aplicación) a través de un documento PDF manipulado. OS X Mavericks 10.9.5 and Security Update 2014-004 are n... • https://github.com/feliam/CVE-2014-4377 • CWE-189: Numeric Errors •