CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1595
https://notcve.org/view.php?id=CVE-2014-1595
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, y Thunderbird anterior a 31.3 en Apple OS X 10.10 omiten una acción del registro de la deshabilitación de CoreGraphics que es necesario para las aplicaciones basadas en jemalloc, lo que permite a usuarios locales obtener información sensible mediante la lectura de ficheros /tmp, tal y como fue demostrado por la información de credenciales. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.mozilla.org/security/announce/2014/mfsa2014-90.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 • CWE-199: Information Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8611
https://notcve.org/view.php?id=CVE-2014-8611
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. Vulnerabilidad en la función __sflush en fflush.c en stdio en libc en FreeBSD 10.1 y el kernel en Apple iOS en versiones anteriores a la 9, no maneja correctamente fallos de la llamada del sistema de escritura, lo que permite a atacantes dependientes del contexto ejecutar código o causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html https://support.apple.com/HT205212 https://support.apple.com/HT205267 https://svnweb.freebsd.org/base?view=revision&revision=275665 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4461
https://notcve.org/view.php?id=CVE-2014-4461
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. El kernel en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2, no valida correctamente los metadatos del objeto IOSharedDataQueue, lo que permite a atacantes ejecutar código remoto en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securityfocus.com/bid/71136 http://www.securitytracker.com/id/1031231 https://exchange.xforce.ibmcloud.com/vulnerabilities/98774 https://support.apple.com/en-us/HT204418 https://support.apple.com/en-us/HT204420 https://sup • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 2%CPEs: 7EXPL: 0CVE-2014-4459
https://notcve.org/view.php?id=CVE-2014-4459
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Una vulnerabilidad de uso después de liberación en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar código arbitrario a través de objetos de página en un documento HTML. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://secunia.com/advisories/62503 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple. •
CVSS: 5.0EPSS: 0%CPEs: 90EXPL: 0CVE-2014-4453
https://notcve.org/view.php?id=CVE-2014-4453
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 incluiye datos de localización durante el establecimiento de una conexión en el servidor de Spotlight Suggestions por Spotlight o Safari, lo que podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://secunia.com/advisories/62503 http://secunia.com/advisories/62504 http://www.securityfocus.com/bid/71135 http://www.securitytracker.com/id/1031230 https://exchange.xforce.ibmcloud.com/vulnerabilities/98782 https://support.apple.com/en-us/HT204418 https://support.apple.com/en-us/HT204419 https://support.apple.com/en-us/HT6590 https&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •