CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 134CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4390 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4390
19 Sep 2014 — Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. Bluetooth en Apple OS X anterior a 10.9.5 no valida debidamente llamadas API, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handli... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4394 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4394
19 Sep 2014 — An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en App... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2014-4376 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4376
19 Sep 2014 — IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. IOKit en IOAcceleratorFamily en Apple OS X anterior a 10.9.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero nulo) a través de una aplicación que provee argumentos de API manipulados. OS X Ma... • http://support.apple.com/kb/HT6443 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4399 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4399
19 Sep 2014 — An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en App... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4403 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4403
19 Sep 2014 — The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. El Kernel en Apple OS X anterior a 10.9.5 permite a usuarios locales obtener información sensible de direcciones y saltarse el mecanismo de protección ASLR mediante el aprovechamiento de previsibilidad de la localización de la CPU Global Descriptor Table. OS X Mavericks 10.9.5 and Security U... • http://support.apple.com/kb/HT6443 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2014-4393 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4393
19 Sep 2014 — Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. Desbordamiento de buffer en el compilador de sombreado en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un sombreado GLSL manipula... • http://support.apple.com/kb/HT6443 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4401 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4401
19 Sep 2014 — An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en App... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4398 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4398
19 Sep 2014 — An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en App... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4396 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4396
19 Sep 2014 — An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en App... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •