CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2014-4393
https://notcve.org/view.php?id=CVE-2014-4393
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. Desbordamiento de buffer en el compilador de sombreado en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un sombreado GLSL manipulado. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69916 http://www.securitytracker.com/id/1030868 https://exchange.xforce.ibmcloud.com/vulnerabilities/96053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 69%CPEs: 8EXPL: 0CVE-2014-4350 – Apple QuickTime MIDI Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4350
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. Desbordamiento de buffer en QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un fichero MIDI manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MIDI events. An arithmetic overflow in the handling of the sizes of certain events allows for an attacker to overflow a heap buffer. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69908 http://www.securitytracker.com/id/1030868 https://exchange.xforce.ibmcloud.com/vulnerabilities/96050 https://support.apple.com/kb/HT6493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4400
https://notcve.org/view.php?id=CVE-2014-4400
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 no valida debidamente las llamadas, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401 y CVE-2014-4416. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69896 http://www.securitytracker.com/id/1030868 https://code.google.com/p/google-security-research/issues/detail?id=30 https://exchange.xforce.ibmcloud.com/vulnerabilities/96060 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4397
https://notcve.org/view.php?id=CVE-2014-4397
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 no valida debidamente las llamadas, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401 y CVE-2014-4416. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69893 http://www.securitytracker.com/id/1030868 https://code.google.com/p/google-security-research/issues/detail?id=30 https://exchange.xforce.ibmcloud.com/vulnerabilities/96057 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4390
https://notcve.org/view.php?id=CVE-2014-4390
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. Bluetooth en Apple OS X anterior a 10.9.5 no valida debidamente llamadas API, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69901 http://www.securitytracker.com/id/1030868 https://exchange.xforce.ibmcloud.com/vulnerabilities/96052 • CWE-20: Improper Input Validation •