CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4439
https://notcve.org/view.php?id=CVE-2014-4439
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. Mail en Apple OS X anterior a 10.10 no reconoce debidamente la eliminación de una dirección de recipiente de un mensaje, lo que facilita a atacantes remotos obtener información sensible en circunstancias oportunistas mediante la lectura de un mensaje dirigido exclusivamente a otros destinatarios. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70619 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97629 https://support.apple.com/kb/HT6535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4438
https://notcve.org/view.php?id=CVE-2014-4438
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Condición de carrera en LoginWindow en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos obtener acceso mediante el aprovechamiento de una estación de trabajo desatendida en la cual se ha intentado bloquear la pantalla. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70622 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97630 https://support.apple.com/kb/HT6535 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4437
https://notcve.org/view.php?id=CVE-2014-4437
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. LaunchServices en Apple OS X anterior a 10.10 permite a atacantes evadir restricciones de sandbox a través de una aplicación que especifica un manejador manipulado para el campo Content-Type de un objeto. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70627 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97631 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4435
https://notcve.org/view.php?id=CVE-2014-4435
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. La característica 'iCloud Find My Mac' en Apple OS X anterior a 10.10 no fuerza debidamente el límite de velocidad en la entrada del PIN en el modo perdido, lo que facilita a atacantes físicamente próximos obtener acceso a través de un ataque de fuerza bruta involucrando una serie de reinicios. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70638 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97636 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4434 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4434
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. El kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) a través de un nombre de fichero manipulado en un sistema de archivos HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70618 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97633 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •