CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4439
https://notcve.org/view.php?id=CVE-2014-4439
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. Mail en Apple OS X anterior a 10.10 no reconoce debidamente la eliminación de una dirección de recipiente de un mensaje, lo que facilita a atacantes remotos obtener información sensible en circunstancias oportunistas mediante la lectura de un mensaje dirigido exclusivamente a otros destinatarios. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70619 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97629 https://support.apple.com/kb/HT6535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4432
https://notcve.org/view.php?id=CVE-2014-4432
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. fdesetup en Apple OS X anterior a 10.10 no muestra correctamente el estado de cifrado entre una acción de actualización de la configuración y una acción de reinicio, lo que podría facilitar a un atacante físicamente próximo obtener datos en claro mediante el aprovechamiento de la ignorancia del requisito de reinicio. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70632 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97637 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4442
https://notcve.org/view.php?id=CVE-2014-4442
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. El kernel en Apple OS X anterior a 10.10 permite a usuarios locales causar una denegación de servicio (kernel panic) a través de un mensaje hacia un socket de control del sistema. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70624 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97632 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4430
https://notcve.org/view.php?id=CVE-2014-4430
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. CoreStorage en Apple OS X anterior a 10.10 retiene una clave de cifrado del volumen hasta la acción de expulsión en el estado de desbloqueo, lo que facilita a un atacante físicamente próximo obtener datos en claro al volver a montar la unidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70628 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97639 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4431
https://notcve.org/view.php?id=CVE-2014-4431
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. Dock en Apple OS X anterior a 10.10 no gestiona debidamente el estado de la pantalla de bloqueo, lo que permite a atacantes físicamente próximos ver ventanas mediante el aprovechamiento de una estación de trabajo desatendida. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70633 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97638 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •