CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8837
https://notcve.org/view.php?id=CVE-2014-8837
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples vulnerabilidades no especificadas en el controlador Bluetooth en Apple OS X anterior a 10.10.2 permiten a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100491 •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-8830
https://notcve.org/view.php?id=CVE-2014-8830
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. Desbordamiento de buffer basado en memoria dinámica en SceneKit en Apple OS X anterior a 10.10.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un elemento de acceso manipulado en un fichero Collada. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100524 https://support.apple.com/HT204659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2014-8817
https://notcve.org/view.php?id=CVE-2014-8817
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. coresymbolicationd en CoreSymbolication en Apple OS X anterior a 10.10.2 no verifica que los tipos de datos esperados están presentes en los mensajes XPC, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, tal y como fue demostrado mediante la falta de verificación de valores de retorno de la API xpc_dictionary_get_value durante el manejo de un comando (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, o (4) read_mmap_archive. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://code.google.com/p/google-security-research/issues/detail?id=80 https://exchange.xforce.ibmcloud.com/vulnerabilities/100496 • CWE-19: Data Processing Errors •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8816
https://notcve.org/view.php?id=CVE-2014-8816
CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. CoreGraphics en Apple OS X anterior a 10.10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un documento PDF manipulado. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100495 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8824
https://notcve.org/view.php?id=CVE-2014-8824
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. El kernel en Apple OS X anterior a 10.10.2 no valida correctamente los campos de metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100516 • CWE-20: Improper Input Validation •