CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1380 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1380
01 Jul 2014 — The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. El componente Security - Keychain en Apple OS X anterior a 10.9.4 no implementa debidamente observadores de pulsaciones del teclado, lo que permite a atacantes físicamente próximos evadir el mecanismo de protección del b... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1372 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1372
01 Jul 2014 — Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente operaciones de lectura durante el procesamiento de una llamada del sistema no especificada, lo que permite a usuarios locales obtener información sensible de la memor... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1317 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1317
01 Jul 2014 — iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. iBooks Commerce en Apple OS X anterior a 10.9.4 coloca credenciales Apple ID en el registro de iBooks, lo que permite a usuarios locales obtener información sensible mediante la lectura de este fichero. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox circumven... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1375 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1375
01 Jul 2014 — Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Intel Graphics Driver en Apple OS X anterior a 10.9.4 permite a usuarios locales evadir el mecanismo de protección ASLR mediante el aprovechamiento del acceso de lectura a un puntero del kernel en un objeto IOKit. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, s... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1356 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1356
01 Jul 2014 — Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages. Desbordamiento de buffer basado en memoria dinámica en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada que envía mensajes IPC. OS X Mavericks 10.9.4 and Security Updat... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2013-7040 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2013-7040
19 May 2014 — Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. Python 2.7 anterior a 3.4 solamente utiliza las últimas ocho parte... • http://bugs.python.org/issue14621 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2014-1296 – Apple Security Advisory 2014-04-22-1
https://notcve.org/view.php?id=CVE-2014-1296
23 Apr 2014 — CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. CFNetwork en Apple iOS anterior a 7.1.1, Apple OS X hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que una cabecera HTTP de con... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 1CVE-2014-1295 – Apple Security Advisory 2014-04-22-1
https://notcve.org/view.php?id=CVE-2014-1295
23 Apr 2014 — Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." Secure Transport en Apple iOS anterior a 7.1.1, Apple OS X 10.8.x y 10.9.x hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que el certificado X.5... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2014-1322 – Apple Mac OSX - Local Security Bypass
https://notcve.org/view.php?id=CVE-2014-1322
23 Apr 2014 — The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. El kernel en Apple OS X hasta 10.9.2 coloca un puntero de kernel en una estructura de datos de objeto XNU accesible de espacio de usuario, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la lectura de un atributo no especi... • https://www.exploit-db.com/exploits/39147 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1321 – Apple Security Advisory 2014-04-22-1
https://notcve.org/view.php?id=CVE-2014-1321
23 Apr 2014 — Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. Power Management en Apple OS X 10.9.x hasta 10.9.2 permite a atacantes físicamente próximos evadir transición en el estado de pantalla bloqueada tocando (1) una clave o (2) el Trackpad durante una acción de cierre de tapa. Security Update 2014-002 is now available and addresses vulnerabili... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-264: Permissions, Privileges, and Access Controls •