CVSS: 6.8EPSS: 2%CPEs: 7EXPL: 0CVE-2014-4459
https://notcve.org/view.php?id=CVE-2014-4459
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Una vulnerabilidad de uso después de liberación en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar código arbitrario a través de objetos de página en un documento HTML. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://secunia.com/advisories/62503 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple. •
CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 0CVE-2014-4458
https://notcve.org/view.php?id=CVE-2014-4458
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. El componente 'System Profiler About This Mac' en Apple OS X anterior a 10.10.1 incluye datos extraños en la cookie en peticiones 'sistema-modelo', lo que podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://secunia.com/advisories/62503 http://www.securityfocus.com/bid/71139 http://www.securitytracker.com/id/1031230 https://exchange.xforce.ibmcloud.com/vulnerabilities/98785 https://support.apple.com/en-us/HT204419 https://support.apple.com/en-us/HT6591 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 91EXPL: 0CVE-2014-4460
https://notcve.org/view.php?id=CVE-2014-4460
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. CFNetwork en Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 no limpia debidamente la caché de navegación sobre una transición del modo de navegación privada, lo que facilita a atacantes físicamente próximos obtener información sensible mediante la lectura de los archivos de la caché. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securityfocus.com/bid/71135 http://www.securitytracker.com/id/1031230 https://exchange.xforce.ibmcloud.com/vulnerabilities/98783 https://support.apple.com/en-us/HT204418 https://support.apple.com/en-us/HT204419 https://sup • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 90EXPL: 0CVE-2014-4453
https://notcve.org/view.php?id=CVE-2014-4453
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 incluiye datos de localización durante el establecimiento de una conexión en el servidor de Spotlight Suggestions por Spotlight o Safari, lo que podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://secunia.com/advisories/62503 http://secunia.com/advisories/62504 http://www.securityfocus.com/bid/71135 http://www.securitytracker.com/id/1031230 https://exchange.xforce.ibmcloud.com/vulnerabilities/98782 https://support.apple.com/en-us/HT204418 https://support.apple.com/en-us/HT204419 https://support.apple.com/en-us/HT6590 https&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4461
https://notcve.org/view.php?id=CVE-2014-4461
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. El kernel en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2, no valida correctamente los metadatos del objeto IOSharedDataQueue, lo que permite a atacantes ejecutar código remoto en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securityfocus.com/bid/71136 http://www.securitytracker.com/id/1031231 https://exchange.xforce.ibmcloud.com/vulnerabilities/98774 https://support.apple.com/en-us/HT204418 https://support.apple.com/en-us/HT204420 https://sup • CWE-20: Improper Input Validation •