CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4434 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4434
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. El kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) a través de un nombre de fichero manipulado en un sistema de archivos HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70618 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97633 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4435
https://notcve.org/view.php?id=CVE-2014-4435
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. La característica 'iCloud Find My Mac' en Apple OS X anterior a 10.10 no fuerza debidamente el límite de velocidad en la entrada del PIN en el modo perdido, lo que facilita a atacantes físicamente próximos obtener acceso a través de un ataque de fuerza bruta involucrando una serie de reinicios. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70638 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97636 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4440
https://notcve.org/view.php?id=CVE-2014-4440
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. La implementación MCX Desktop Config Profiles en Apple OS X anterior a 10.10 retiene configuraciones de proxy web de perfiles de configuración móvil desinstalados, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas mediante el aprovechamiento del acceso a un servidor proxy no intencionado. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70631 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97628 https://support.apple.com/kb/HT6535 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4441
https://notcve.org/view.php?id=CVE-2014-4441
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. NetFS Client Framework en Apple OS X anterior a 10.10 no asegura que la deshabilitación de ficheros compartidos sea siempre posible, lo que permite a atacantes remotos leer o escribir en ficheros mediante el aprovechamiento de un estado en que el compartir ficheros está habilitado permanentemente. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97627 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-4443
https://notcve.org/view.php?id=CVE-2014-4443
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. Apple OS X anterior a 10.10 permite a usuarios remotos causar una denegación de servicio (referencia a puntero nulo) a través de datos ASN.1 manipulados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70625 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97624 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •