CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1372
https://notcve.org/view.php?id=CVE-2014-1372
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente operaciones de lectura durante el procesamiento de una llamada del sistema no especificada, lo que permite a usuarios locales obtener información sensible de la memoria del kernel y evadir el mecanismo de protección ASLR a través de una llamada manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 https://code.google.com/p/google-security-research/issues/detail?id=18 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1379
https://notcve.org/view.php?id=CVE-2014-1379
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. Graphics Drivers en Apple OS X anterior a 10.9.4 permite a atacantes ganar privilegios o causar una denegación de servicio (referencia a puntero nulo y caída de sistema) a través de un fichero ejecutable de 32-bits para una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 https://code.google.com/p/google-security-research/issues/detail?id=20 •
CVSS: 6.8EPSS: 5%CPEs: 23EXPL: 0CVE-2014-1370
https://notcve.org/view.php?id=CVE-2014-1370
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. La implementación de intercambio de bytes en copyfile en Apple OS X anterior a 10.9.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero AppleDouble manipulado en un archivo ZIP. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 23EXPL: 0CVE-2014-1371 – Apple OS X Dock Service Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1371
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. Error de indice del array en Dock en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero de función incorrecta y caída de aplicación) mediante el aprovechamiento del acceso a una aplicación en una sandbox para enviar un mensaje. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OS X Dock. The issue lies in the failure to proper sanitize a user-supplied value prior to indexing into an array of function pointers. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1377
https://notcve.org/view.php?id=CVE-2014-1377
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Error en el indice del array en IOAcceleratorFamily en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 https://code.google.com/p/google-security-research/issues/detail?id=17 •