CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8816
https://notcve.org/view.php?id=CVE-2014-8816
CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. CoreGraphics en Apple OS X anterior a 10.10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un documento PDF manipulado. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100495 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8829
https://notcve.org/view.php?id=CVE-2014-8829
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. SceneKit en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (escritura fuera de rango) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100523 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8839
https://notcve.org/view.php?id=CVE-2014-8839
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Spotlight en Apple OS X anterior a 10.10.2 no fuerza la configuración de correo 'Cargar contenido remoto en mensajes', lo que permite a atacantes remotos descubrir direcciones IP recipientes mediante la inclusión de una imagen 'inline' en un mensaje de email en HTML y la registración de solicitudes HTTP para la URL de esta imagen. • http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://securitytracker.com/id/1031521 http://support.apple.com/HT204244 http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates https://exchange.xforce.ibmcloud.com/vulnerabilities/100527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8834
https://notcve.org/view.php?id=CVE-2014-8834
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. UserAccountUpdater en Apple OS X 10.10 anterior a 10.10.2 almacena la contraseña de un documento PDF en un fichero de preferencia de impresión, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100531 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2014-8823
https://notcve.org/view.php?id=CVE-2014-8823
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. La función IOUSBControllerUserClient::ReadRegister en el controlador IOUSB en IOUSBFamily en Apple OS X anterior a 10.10.2 permite a usuarios locales leer datos de localizaciones de la memoria del kernel mediante el aprovechamiento del acceso al root y la provisión de un primer argumento manipulado. • http://code.google.com/p/google-security-research/issues/detail?id=21 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100514 • CWE-264: Permissions, Privileges, and Access Controls •