CVE-2014-4439
https://notcve.org/view.php?id=CVE-2014-4439
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. Mail en Apple OS X anterior a 10.10 no reconoce debidamente la eliminación de una dirección de recipiente de un mensaje, lo que facilita a atacantes remotos obtener información sensible en circunstancias oportunistas mediante la lectura de un mensaje dirigido exclusivamente a otros destinatarios. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70619 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97629 https://support.apple.com/kb/HT6535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4440
https://notcve.org/view.php?id=CVE-2014-4440
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. La implementación MCX Desktop Config Profiles en Apple OS X anterior a 10.10 retiene configuraciones de proxy web de perfiles de configuración móvil desinstalados, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas mediante el aprovechamiento del acceso a un servidor proxy no intencionado. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70631 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97628 https://support.apple.com/kb/HT6535 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4441
https://notcve.org/view.php?id=CVE-2014-4441
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. NetFS Client Framework en Apple OS X anterior a 10.10 no asegura que la deshabilitación de ficheros compartidos sea siempre posible, lo que permite a atacantes remotos leer o escribir en ficheros mediante el aprovechamiento de un estado en que el compartir ficheros está habilitado permanentemente. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97627 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-4443
https://notcve.org/view.php?id=CVE-2014-4443
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. Apple OS X anterior a 10.10 permite a usuarios remotos causar una denegación de servicio (referencia a puntero nulo) a través de datos ASN.1 manipulados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70625 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97624 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVE-2014-4426
https://notcve.org/view.php?id=CVE-2014-4426
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. AFP File Server en Apple OS X anterior a 10.10 permite a atacantes remotos descubrir todas las direcciones de red de todas las interfaces a través de un comando no especificado hacia una interfaz. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securityfocus.com/bid/70623 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97643 https://support.apple.com/kb/HT6535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •