CVE-2014-4394
https://notcve.org/view.php?id=CVE-2014-4394
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 no valida debidamente las llamadas, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401 y CVE-2014-4416. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69891 http://www.securitytracker.com/id/1030868 https://code.google.com/p/google-security-research/issues/detail?id=28 https://exchange.xforce.ibmcloud.com/vulnerabilities/96054 • CWE-20: Improper Input Validation •
CVE-2014-4399
https://notcve.org/view.php?id=CVE-2014-4399
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 no valida debidamente las llamadas, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401 y CVE-2014-4416. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69895 http://www.securitytracker.com/id/1030868 https://code.google.com/p/google-security-research/issues/detail?id=30 https://exchange.xforce.ibmcloud.com/vulnerabilities/96059 • CWE-20: Improper Input Validation •
CVE-2014-4413
https://notcve.org/view.php?id=CVE-2014-4413
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-09-17-1 y APPLE-SA-2014-09-17-2. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69881 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96033 https://security.gentoo.org/glsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4419
https://notcve.org/view.php?id=CVE-2014-4419
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a 8 y Apple TV anterior a 7, no inicializa correctamente memoria, lo que permitiría a atacantes obtener contenido sensible de la memoria e información sobre la estructura de la memoria a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4371, CVE-2014-4420, y CVE-2014-4421. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69928 http://www.securitytracker.com •
CVE-2014-4414
https://notcve.org/view.php?id=CVE-2014-4414
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-09-17-1 y APPLE-SA-2014-09-17-2. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69881 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96034 https://security.gentoo.org/glsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •