CVSS: 9.8EPSS: 7%CPEs: 23EXPL: 0CVE-2014-1371 – Apple OS X Dock Service Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1371
01 Jul 2014 — Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. Error de indice del array en Dock en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero de función incorrecta y caída de aplicación) mediante el aprovechamiento del acce... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1379 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1379
01 Jul 2014 — Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. Graphics Drivers en Apple OS X anterior a 10.9.4 permite a atacantes ganar privilegios o causar una denegación de servicio (referencia a puntero nulo y caída de sistema) a través de un fichero ejecutable de 32-bits para una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are ... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 7.8EPSS: 6%CPEs: 23EXPL: 0CVE-2014-1370 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1370
01 Jul 2014 — The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. La implementación de intercambio de bytes en copyfile en Apple OS X anterior a 10.9.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero App... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1373 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1373
01 Jul 2014 — Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Intel Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenGL API no especificada, lo que permite a atacantes remotos ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, c... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1376 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1376
01 Jul 2014 — Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Intel Compute en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenCL API no especificada, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox c... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1372 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1372
01 Jul 2014 — Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente operaciones de lectura durante el procesamiento de una llamada del sistema no especificada, lo que permite a usuarios locales obtener información sensible de la memor... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1377 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1377
01 Jul 2014 — Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Error en el indice del array en IOAcceleratorFamily en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox circumvention, bypass, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2013-7040 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2013-7040
19 May 2014 — Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. Python 2.7 anterior a 3.4 solamente utiliza las últimas ocho parte... • http://bugs.python.org/issue14621 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1318 – (Pwn2Own\Pwn4Fun) Apple OS X Graphics Driver Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1318
23 Apr 2014 — The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. Intel Graphics Driver en Apple OS X hasta 10.9.2 no valida debidamente cierto puntero, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit thi... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2014-1296 – Apple Security Advisory 2014-04-22-1
https://notcve.org/view.php?id=CVE-2014-1296
23 Apr 2014 — CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. CFNetwork en Apple iOS anterior a 7.1.1, Apple OS X hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que una cabecera HTTP de con... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-264: Permissions, Privileges, and Access Controls •