CVE-2014-2234
https://notcve.org/view.php?id=CVE-2014-2234
05 Mar 2014 — A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application. • https://hynek.me/articles/apple-openssl-verification-surprises • CWE-20: Improper Input Validation
CVE-2014-1265 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1265
26 Feb 2014 — The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues includin... • http://support.apple.com/kb/HT6150 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-1259 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1259
26 Feb 2014 — Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues incl... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1269 – Apple Security Advisory 2014-03-10-2
https://notcve.org/view.php?id=CVE-2014-1269
26 Feb 2014 — WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270. • http://support.apple.com/kb/HT6145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1261 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1261
26 Feb 2014 — Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple sec... • http://support.apple.com/kb/HT6150 • CWE-189: Numeric Errors
CVE-2014-1255 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1255
26 Feb 2014 — Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses m... • http://support.apple.com/kb/HT6150 • CWE-20: Improper Input Validation
CVE-2014-1268 – Apple Security Advisory 2014-02-25-2
https://notcve.org/view.php?id=CVE-2014-1268
26 Feb 2014 — WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270. • http://support.apple.com/kb/HT6145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1262 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1262
26 Feb 2014 — Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vu... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1270 – Apple Security Advisory 2014-03-10-2
https://notcve.org/view.php?id=CVE-2014-1270
26 Feb 2014 — WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269. • http://support.apple.com/kb/HT6145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1263 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1263
26 Feb 2014 — curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. • http://curl.haxx.se/docs/adv_20140326C.html • CWE-310: Cryptographic Issues