CVSS: 7.5EPSS: 0%CPEs: 90EXPL: 0CVE-2014-4453 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4453
18 Nov 2014 — Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 incluiye datos de localización durante el establecimiento de una conexión en el servidor de Spotlight Suggestions por Spotlight o Safari, lo que podría permitir a atacantes remotos obtener información sensibl... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 86EXPL: 0CVE-2014-4458 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4458
18 Nov 2014 — The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. El componente 'System Profiler About This Mac' en Apple OS X anterior a 10.10.1 incluye datos extraños en la cookie en peticiones 'sistema-modelo', lo que podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados. OS X 10.10.1 is now availab... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0CVE-2014-4459 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4459
18 Nov 2014 — Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Una vulnerabilidad de uso después de liberación en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar código arbitrario a través de objetos de página en un documento HTML. Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and ... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html •
CVSS: 5.3EPSS: 0%CPEs: 91EXPL: 0CVE-2014-4460 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4460
18 Nov 2014 — CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. CFNetwork en Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 no limpia debidamente la caché de navegación sobre una transición del modo de navegación privada, lo que facilita a atacantes físicamente próximos obtener información sensible median... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 18EXPL: 0CVE-2014-4461 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4461
18 Nov 2014 — The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. El kernel en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2, no valida correctamente los metadatos del objeto IOSharedDataQueue, lo que permite a atacantes ejecutar código remoto en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update ... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 57EXPL: 0CVE-2014-3707 – curl: incorrect handle duplication after COPYPOSTFIELDS
https://notcve.org/view.php?id=CVE-2014-3707
10 Nov 2014 — The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. La función curl_easy_duphandle en libcurl 7.17.1 hasta 7.38.0, cuando se ejecuta con la opción CURLOPT_COPYPOSTFIELDS, no copia debidamente datos HTTP POST para un manejo sencillo, lo que provoca una lectura fuera de rango que p... • http://curl.haxx.se/docs/adv_20141105.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVSS: 9.8EPSS: 84%CPEs: 25EXPL: 3CVE-2014-8517 – tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side
https://notcve.org/view.php?id=CVE-2014-8517
05 Nov 2014 — The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. La función fetch_url ubicada en usr.bin/ftp/fetch.c en thftp, usada en NetBSD 5.1 en 5.1.4, 5.2 hasta 5.2.2, 6.0 hasta 6.0.6 y 6.1 hasta 6.1.5 permite a atacantes remotos ejecutar comandos arbitrarios a través de un carácter '|' (tubería) al final ... • https://packetstorm.news/files/id/144874 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2014-4391 – Apple OS X GateKeeper Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-4391
17 Oct 2014 — The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource. La característica Firma de Código (Code Signing) en Apple OS X anterior a 10.10 no maneja debidamente los recursos incompletos en grupos firmados, lo que permite a atacantes remotos evadir las restricciones de app-author omitiendo un recurso relacionado con la ejecución... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4417 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4417
17 Oct 2014 — Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. Safari en Apple OS X anterior a 10.10 permite a atacantes remotos causar una denegación de servicio (interrupción de las notificaciones Push globales) a través de un sitio web que lance una excepción SafariNotificationAgent sin capturar enviando una notificación Push man... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4425 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4425
17 Oct 2014 — CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. CFPreferences en Apple OS X anterior a 10.10 no fuerza correctamente la configuración 'requerir contraseña tras el comienzo del reposo o salvapantallas', lo que facilita a atacantes físicamente próximos obtener acceso a una estación de trabajo desatendida. OS X Y... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-287: Improper Authentication •