CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4427 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4427
17 Oct 2014 — App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4442 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4442
17 Oct 2014 — The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. El kernel en Apple OS X anterior a 10.10 permite a usuarios locales causar una denegación de servicio (kernel panic) a través de un mensaje hacia un socket de control del sistema. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4434 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4434
17 Oct 2014 — The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. El kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) a través de un nombre de fichero manipulado en un sistema de archivos HFS. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Ap... • https://packetstorm.news/files/id/134091 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 116EXPL: 0CVE-2014-3660 – libxml2: denial of service via recursive entity expansion
https://notcve.org/view.php?id=CVE-2014-3660
17 Oct 2014 — parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. parser.c en libxml2 anterior a 2.9.2 no previene debidamente la expansión de entidades incluso cuando la substitución de entidades haya sido deshabilitada, lo que permite a at... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4428 – Apple Security Advisory 2014-10-20-1
https://notcve.org/view.php?id=CVE-2014-4428
17 Oct 2014 — Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. Bluetooth en Apple OS X anterior a 10.10 no requiere cifrado para dispositivos HID de baja energía, lo que permite a atacantes remotos suplantar un dispositivo mediante el aprovechamiento de un emparejamiento previo. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulner... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4426 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4426
17 Oct 2014 — AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. AFP File Server en Apple OS X anterior a 10.10 permite a atacantes remotos descubrir todas las direcciones de red de todas las interfaces a través de un comando no especificado hacia una interfaz. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overf... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4425 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4425
17 Oct 2014 — CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. CFPreferences en Apple OS X anterior a 10.10 no fuerza correctamente la configuración 'requerir contraseña tras el comienzo del reposo o salvapantallas', lo que facilita a atacantes físicamente próximos obtener acceso a una estación de trabajo desatendida. OS X Y... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4435 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4435
17 Oct 2014 — The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. La característica 'iCloud Find My Mac' en Apple OS X anterior a 10.10 no fuerza debidamente el límite de velocidad en la entrada del PIN en el modo perdido, lo que facilita a atacantes físicamente próximos obtener acceso a través de un ataque de fuerza bruta... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4439 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4439
17 Oct 2014 — Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. Mail en Apple OS X anterior a 10.10 no reconoce debidamente la eliminación de una dirección de recipiente de un mensaje, lo que facilita a atacantes remotos obtener información sensible en circunstancias oportunistas mediante la le... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-4417 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4417
17 Oct 2014 — Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. Safari en Apple OS X anterior a 10.10 permite a atacantes remotos causar una denegación de servicio (interrupción de las notificaciones Push globales) a través de un sitio web que lance una excepción SafariNotificationAgent sin capturar enviando una notificación Push man... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-20: Improper Input Validation •