CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4433 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4433
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Desbordamiento de buffer basado en memoria dinámica en el kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos ejecutar código arbitrario a través de bifurcaciones de recurso manipuladas en un sistema de ficheros HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70620 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97634 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4437
https://notcve.org/view.php?id=CVE-2014-4437
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. LaunchServices en Apple OS X anterior a 10.10 permite a atacantes evadir restricciones de sandbox a través de una aplicación que especifica un manejador manipulado para el campo Content-Type de un objeto. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70627 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97631 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4438
https://notcve.org/view.php?id=CVE-2014-4438
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Condición de carrera en LoginWindow en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos obtener acceso mediante el aprovechamiento de una estación de trabajo desatendida en la cual se ha intentado bloquear la pantalla. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70622 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97630 https://support.apple.com/kb/HT6535 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4444
https://notcve.org/view.php?id=CVE-2014-4444
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. SecurityAgent en Apple OS X anterior a 10.10 no asegura que un ticket Kerberos está en el caché para el usuario correcto, lo que permite a usuarios locales ganar privilegios en circunstancias oportunistas mediante el aprovechamiento de un inicio de sesión Fast User Switching. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97623 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4436
https://notcve.org/view.php?id=CVE-2014-4436
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. IOHIDFamily en Apple OS X anterior a 10.10 permite a atacantes causar una denegación de servicio (operación de lectura fuera de rango) a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70616 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97635 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •