CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4432
https://notcve.org/view.php?id=CVE-2014-4432
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. fdesetup en Apple OS X anterior a 10.10 no muestra correctamente el estado de cifrado entre una acción de actualización de la configuración y una acción de reinicio, lo que podría facilitar a un atacante físicamente próximo obtener datos en claro mediante el aprovechamiento de la ignorancia del requisito de reinicio. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70632 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97637 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4440
https://notcve.org/view.php?id=CVE-2014-4440
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. La implementación MCX Desktop Config Profiles en Apple OS X anterior a 10.10 retiene configuraciones de proxy web de perfiles de configuración móvil desinstalados, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas mediante el aprovechamiento del acceso a un servidor proxy no intencionado. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70631 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97628 https://support.apple.com/kb/HT6535 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-4443
https://notcve.org/view.php?id=CVE-2014-4443
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. Apple OS X anterior a 10.10 permite a usuarios remotos causar una denegación de servicio (referencia a puntero nulo) a través de datos ASN.1 manipulados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70625 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97624 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4442
https://notcve.org/view.php?id=CVE-2014-4442
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. El kernel en Apple OS X anterior a 10.10 permite a usuarios locales causar una denegación de servicio (kernel panic) a través de un mensaje hacia un socket de control del sistema. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70624 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97632 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4441
https://notcve.org/view.php?id=CVE-2014-4441
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. NetFS Client Framework en Apple OS X anterior a 10.10 no asegura que la deshabilitación de ficheros compartidos sea siempre posible, lo que permite a atacantes remotos leer o escribir en ficheros mediante el aprovechamiento de un estado en que el compartir ficheros está habilitado permanentemente. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97627 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •