CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4437
https://notcve.org/view.php?id=CVE-2014-4437
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. LaunchServices en Apple OS X anterior a 10.10 permite a atacantes evadir restricciones de sandbox a través de una aplicación que especifica un manejador manipulado para el campo Content-Type de un objeto. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70627 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97631 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4438
https://notcve.org/view.php?id=CVE-2014-4438
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Condición de carrera en LoginWindow en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos obtener acceso mediante el aprovechamiento de una estación de trabajo desatendida en la cual se ha intentado bloquear la pantalla. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70622 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97630 https://support.apple.com/kb/HT6535 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4444
https://notcve.org/view.php?id=CVE-2014-4444
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. SecurityAgent en Apple OS X anterior a 10.10 no asegura que un ticket Kerberos está en el caché para el usuario correcto, lo que permite a usuarios locales ganar privilegios en circunstancias oportunistas mediante el aprovechamiento de un inicio de sesión Fast User Switching. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97623 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4436
https://notcve.org/view.php?id=CVE-2014-4436
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. IOHIDFamily en Apple OS X anterior a 10.10 permite a atacantes causar una denegación de servicio (operación de lectura fuera de rango) a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70616 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97635 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4434 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4434
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. El kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) a través de un nombre de fichero manipulado en un sistema de archivos HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70618 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97633 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •