CVE-2014-4433 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4433
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Desbordamiento de buffer basado en memoria dinámica en el kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos ejecutar código arbitrario a través de bifurcaciones de recurso manipuladas en un sistema de ficheros HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70620 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97634 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4417
https://notcve.org/view.php?id=CVE-2014-4417
Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. Safari en Apple OS X anterior a 10.10 permite a atacantes remotos causar una denegación de servicio (interrupción de las notificaciones Push globales) a través de un sitio web que lance una excepción SafariNotificationAgent sin capturar enviando una notificación Push manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70629 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97625 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVE-2014-4425
https://notcve.org/view.php?id=CVE-2014-4425
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. CFPreferences en Apple OS X anterior a 10.10 no fuerza correctamente la configuración 'requerir contraseña tras el comienzo del reposo o salvapantallas', lo que facilita a atacantes físicamente próximos obtener acceso a una estación de trabajo desatendida. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70630 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97640 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •
CVE-2014-4426
https://notcve.org/view.php?id=CVE-2014-4426
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. AFP File Server en Apple OS X anterior a 10.10 permite a atacantes remotos descubrir todas las direcciones de red de todas las interfaces a través de un comando no especificado hacia una interfaz. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securityfocus.com/bid/70623 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97643 https://support.apple.com/kb/HT6535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4427
https://notcve.org/view.php?id=CVE-2014-4427
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70635 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97642 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •