CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8833 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8833
28 Jan 2015 — SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. SpotlightIndex en Apple OS X anterior a 10.10.2 no realiza correctamente la deserialización durante el acceso a un caché de permisos, lo que permite a usuarios locales leer los resultados asociados con los ficheros protegidos de otros usuarios a través de una consulta Spot... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8825 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8825
28 Jan 2015 — The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. El kernel en Apple OS X anterior a 10.10.2 no realiza correctamente la validación identitysvc de cierta funcionalidad de los servicios del directorio, lo que permite a usuarios locales ganar privilegios o falsificar respuestas de los servicios del directorio a través de ve... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4499 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-4499
28 Jan 2015 — The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. El proceso App Store en CommerceKit Framework en Apple OS X anterior a 10.10.2 coloca las credenciales de identificación de Apple en los registros de App Store, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. OS X 10.10.2 and Security Update 2015-001 are now avai... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8824 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8824
28 Jan 2015 — The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. El kernel en Apple OS X anterior a 10.10.2 no valida correctamente los campos de metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are now available and address informati... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 8%CPEs: 3EXPL: 0CVE-2014-4485 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4485
28 Jan 2015 — Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. Desbordamiento de buffer en el analizador sintáctico de XML en Foundation en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (c... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8832 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8832
28 Jan 2015 — The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. OS X 10.10.2 and Security Update 2015-001 are now availabl... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 0CVE-2014-4483 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4483
28 Jan 2015 — Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. Desbordamiento de buffer en FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un fic... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 4CVE-2014-4492 – Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape
https://notcve.org/view.php?id=CVE-2014-4492
28 Jan 2015 — libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esp... • https://packetstorm.news/files/id/134393 • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2014-8817 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-8817
28 Jan 2015 — coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. coresymbolicationd en CoreSymbolication en Apple OS X anterior a ... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-19: Data Processing Errors •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 5CVE-2014-8835 – Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-8835
28 Jan 2015 — The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. La función xpc_data_get_bytes en libxpc en Apple OS X anterior a 10.10.2 no verifica que la clave de atributos de un diccionario tiene el tipo de datos xpc_data, lo que permite a atacantes ejecutar código arbitrario mediante ... • https://packetstorm.news/files/id/135701 • CWE-19: Data Processing Errors •