CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4446
https://notcve.org/view.php?id=CVE-2014-4446
Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. Mail Service en Apple OS X Server anterior a 4.0 no fuerza cambios SACL hasta después de un reinicio de servicio, lo que permite a usuarios remotos autenticados evadir restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un cambio efectuado por un administrador. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://www.securitytracker.com/id/1031071 https://exchange.xforce.ibmcloud.com/vulnerabilities/97645 https://support.apple.com/kb/HT6536 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4424
https://notcve.org/view.php?id=CVE-2014-4424
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Wiki Server en CoreCollaboration en Apple OS X Server anterior a 2.2.3 y 3.x anterior a 3.2.1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61305 http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://support.apple.com/kb/HT6449 http://www.securityfocus.com/bid/69918 http://www.securitytracker.com/id/1030869 https://exchange.xforce.ibmcloud.com/vulnerabilities/96048 https://support.apple.com/kb/HT6536 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4406
https://notcve.org/view.php?id=CVE-2014-4406
Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Xcode Server en CoreCollaboration en Apple OS X Server anterior a 3.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html http://www.securityfocus.com/bid/69935 http://www.securitytracker.com/id/1030870 https://exchange.xforce.ibmcloud.com/vulnerabilities/96047 https://support.apple.com/kb/HT6536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo tipo "movie" especialmente manipulado codificado con Sorenson. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78715 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2011-3246
https://notcve.org/view.php?id=CVE-2011-3246
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. CFNetwork en iOS anterior a versión 5.0.1 y Mac OS X versión 10.7 anterior a 10.7.2 de Apple, no analiza apropiadamente las URL, lo que permite a los atacantes remotos desencadenar visitas a sitios web no deseados, y la transmisión de cookies a sitios web no deseados, por medio de una URL de 1) http o (2) https diseñada sin hacer uso de la aplicación. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5052 http://support.apple.com/kb/HT5130 http://www.securityfocus.com/bid/50085 h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •