CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8832
https://notcve.org/view.php?id=CVE-2014-8832
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100528 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 4CVE-2014-8835 – Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-8835
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. La función xpc_data_get_bytes en libxpc en Apple OS X anterior a 10.10.2 no verifica que la clave de atributos de un diccionario tiene el tipo de datos xpc_data, lo que permite a atacantes ejecutar código arbitrario mediante la entrga de un diccionario manipulado a sysmond, relacionado con un problema de 'confusión de tipos de XPC'. OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond. • https://www.exploit-db.com/exploits/35742 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/135701/OS-X-Sysmond-XPC-Type-Confusion-Privilege-Escalation.html http://support.apple.com/HT204244 http://www.exploit-db.com/exploits/35742 http://www.securityfocus.com/bid/71992 http://www.securitytracker.com/id/1031650 https://code.google.com/p/google-security-research/issues/detail?id=121 https://exchange.xforce.ibmcloud.com/vulnerabilitie • CWE-19: Data Processing Errors •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8837
https://notcve.org/view.php?id=CVE-2014-8837
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples vulnerabilidades no especificadas en el controlador Bluetooth en Apple OS X anterior a 10.10.2 permiten a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100491 •
CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4CVE-2014-8826 – Apple Mac OSX < 10.10.x - GateKeeper Bypass
https://notcve.org/view.php?id=CVE-2014-8826
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. LaunchServices en Apple OS X anterior a 10.10.2 no maneja correctamente los metadatos de tipos de ficheros, lo que permite a atacantes evadir el mecanismo de protección Gatekeeper a través de un archive JAR manipulado. A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine. • https://www.exploit-db.com/exploits/35934 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/130147/OS-X-Gatekeeper-Bypass.html http://seclists.org/fulldisclosure/2015/Jan/109 http://support.apple.com/HT204244 http://www.exploit-db.com/exploits/35934 http://www.osvdb.org/117659 http://www.securityfocus.com/archive/1/534567/100/0/threaded http://www.securityfocus.com/bid/72341 http://www.securitytracker.com/id/1031650& • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4497
https://notcve.org/view.php?id=CVE-2014-4497
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. Error de signo de enteros en IOBluetoothFamily en la implementación Bluetooth en Apple OS X anterior a 10.10 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (escritura a la memoria del kernel) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 • CWE-189: Numeric Errors •