CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8832
https://notcve.org/view.php?id=CVE-2014-8832
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100528 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2014-8823
https://notcve.org/view.php?id=CVE-2014-8823
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. La función IOUSBControllerUserClient::ReadRegister en el controlador IOUSB en IOUSBFamily en Apple OS X anterior a 10.10.2 permite a usuarios locales leer datos de localizaciones de la memoria del kernel mediante el aprovechamiento del acceso al root y la provisión de un primer argumento manipulado. • http://code.google.com/p/google-security-research/issues/detail?id=21 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100514 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8821
https://notcve.org/view.php?id=CVE-2014-8821
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. Intel Graphics Driver en Apple OS X anterior a 10.10.2 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-8819 y CVE-2014-8820. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100502 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8831
https://notcve.org/view.php?id=CVE-2014-8831
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. security_taskgate en Apple OS X anterior a 10.10.2 permite a atacantes leer elementos de la cadena de claves group-ACL-restricted de aplicaciones arbitrarias a través de una aplicación manipulada con una firma de un certficado (1) auto firmado o (2) desarollador de identificaciones. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100526 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8825
https://notcve.org/view.php?id=CVE-2014-8825
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. El kernel en Apple OS X anterior a 10.10.2 no realiza correctamente la validación identitysvc de cierta funcionalidad de los servicios del directorio, lo que permite a usuarios locales ganar privilegios o falsificar respuestas de los servicios del directorio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100517 • CWE-20: Improper Input Validation •