CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1257 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1257
26 Feb 2014 — CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. CFNetwork en Apple OS X hasta 10.8.5 no elimina cookies de sesión en una acción de restablecimiento de Safari, lo que permite a atacantes físicamente próximos evadir restricciones de acceso mediante el aprovechamiento de una estación de trabajo desatendida. OS X Mavericks 10.9.2 and Secur... • http://support.apple.com/kb/HT6150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1260 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1260
26 Feb 2014 — QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. QuickLook en Apple OS X hasta 10.8.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un documento de Microsoft Office manipulado. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresse... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1261 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1261
26 Feb 2014 — Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. Error de signo de enteros en CoreText en Apple OS X anterior a 10.9.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una fuente Unicode manipulada. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple sec... • http://support.apple.com/kb/HT6150 • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1255 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1255
26 Feb 2014 — Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 no valida debidamente llamadas a la función "free", lo que permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipuilados. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses m... • http://support.apple.com/kb/HT6150 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2014-1268 – Apple Security Advisory 2014-02-25-2
https://notcve.org/view.php?id=CVE-2014-1268
26 Feb 2014 — WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270. WebKit, tal como es utilizado en Apple Safari anterior a 6.1.2 y 7.x anterior a 7.0.2, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de ... • http://support.apple.com/kb/HT6145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1262 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1262
26 Feb 2014 — Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipulados que provocan una corrupción de memoria. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vu... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2014-1270 – Apple Security Advisory 2014-03-10-2
https://notcve.org/view.php?id=CVE-2014-1270
26 Feb 2014 — WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269. WebKit, tal como es utilizado en Apple Safari anterior a 6.1.2 y 7.x anterior a 7.0.2, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de ... • http://support.apple.com/kb/HT6145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 2CVE-2014-1263 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1263
26 Feb 2014 — curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. curl en Apple OS X 10.9.x anterior a 10.9.2 no verifica los certificados X.509 d... • http://curl.haxx.se/docs/adv_20140326C.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1258 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1258
26 Feb 2014 — Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. Desbordamiento de buffer basado en pila en CoreAnimation en Apple OS X anterior a 10.9.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen manipulada. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses m... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2014-1256 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1256
26 Feb 2014 — Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Desbordamiento de buffer en Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipilados. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •