CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1357 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1357
01 Jul 2014 — Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages. Desbordamiento de buffer basado en memoria dinámica en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada que genera mensajes del registro. OS X Mavericks 10.9.4 and ... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1373 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1373
01 Jul 2014 — Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Intel Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenGL API no especificada, lo que permite a atacantes remotos ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, c... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1376 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1376
01 Jul 2014 — Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Intel Compute en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenCL API no especificada, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox c... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1378 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1378
01 Jul 2014 — IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. IOGraphicsFamily en Apple OS X anterior a 10.9.4 permite a usuarios locales evadir el mecanismo de protección ASLR mediante el aprovechamiento del acceso de lectura a un puntero del kernel en un objeto IOKit. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox cir... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1355 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1355
01 Jul 2014 — The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. La implementación IOKit en el kernel en Apple iOS anterior a 7.1.2 y Apple TV anterior a 6.1.2, y en IOReporting en Apple OS X anterior a 10.9.4, permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y reinicio) a través de a... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 9.8EPSS: 7%CPEs: 23EXPL: 0CVE-2014-1371 – Apple OS X Dock Service Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1371
01 Jul 2014 — Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. Error de indice del array en Dock en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero de función incorrecta y caída de aplicación) mediante el aprovechamiento del acce... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1380 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1380
01 Jul 2014 — The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. El componente Security - Keychain en Apple OS X anterior a 10.9.4 no implementa debidamente observadores de pulsaciones del teclado, lo que permite a atacantes físicamente próximos evadir el mecanismo de protección del b... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1372 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1372
01 Jul 2014 — Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente operaciones de lectura durante el procesamiento de una llamada del sistema no especificada, lo que permite a usuarios locales obtener información sensible de la memor... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1317 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1317
01 Jul 2014 — iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. iBooks Commerce en Apple OS X anterior a 10.9.4 coloca credenciales Apple ID en el registro de iBooks, lo que permite a usuarios locales obtener información sensible mediante la lectura de este fichero. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox circumven... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1375 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1375
01 Jul 2014 — Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Intel Graphics Driver en Apple OS X anterior a 10.9.4 permite a usuarios locales evadir el mecanismo de protección ASLR mediante el aprovechamiento del acceso de lectura a un puntero del kernel en un objeto IOKit. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, s... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •