CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4432
https://notcve.org/view.php?id=CVE-2014-4432
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. fdesetup en Apple OS X anterior a 10.10 no muestra correctamente el estado de cifrado entre una acción de actualización de la configuración y una acción de reinicio, lo que podría facilitar a un atacante físicamente próximo obtener datos en claro mediante el aprovechamiento de la ignorancia del requisito de reinicio. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70632 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97637 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4442
https://notcve.org/view.php?id=CVE-2014-4442
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. El kernel en Apple OS X anterior a 10.10 permite a usuarios locales causar una denegación de servicio (kernel panic) a través de un mensaje hacia un socket de control del sistema. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70624 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97632 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4430
https://notcve.org/view.php?id=CVE-2014-4430
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. CoreStorage en Apple OS X anterior a 10.10 retiene una clave de cifrado del volumen hasta la acción de expulsión en el estado de desbloqueo, lo que facilita a un atacante físicamente próximo obtener datos en claro al volver a montar la unidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70628 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97639 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4431
https://notcve.org/view.php?id=CVE-2014-4431
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. Dock en Apple OS X anterior a 10.10 no gestiona debidamente el estado de la pantalla de bloqueo, lo que permite a atacantes físicamente próximos ver ventanas mediante el aprovechamiento de una estación de trabajo desatendida. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70633 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97638 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4433 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4433
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Desbordamiento de buffer basado en memoria dinámica en el kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos ejecutar código arbitrario a través de bifurcaciones de recurso manipuladas en un sistema de ficheros HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70620 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97634 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •