CVSS: 4.6EPSS: 0%CPEs: 21EXPL: 0CVE-2014-1265
https://notcve.org/view.php?id=CVE-2014-1265
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. El programa systemsetup en el subsistema de fecha y hora en Apple OS X anterior a 10.9.2 permite a usuarios locales evadir restricciones de acceso mediante el cambio la hora actual en el reloj del sistema. • http://support.apple.com/kb/HT6150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1262
https://notcve.org/view.php?id=CVE-2014-1262
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipulados que provocan una corrupción de memoria. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2014-1263
https://notcve.org/view.php?id=CVE-2014-1263
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. curl en Apple OS X 10.9.x anterior a 10.9.2 no verifica los certificados X.509 de servidores HTTPS que son accedidos mediante el uso de una dirección IP numérica, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://curl.haxx.se/docs/adv_20140326C.html http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://support.apple.com/kb/HT6150 http://twitter.com/agl__/statuses/437029812046422016 http://twitter.com/okoeroo/statuses/437272014043496449 http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release http://www.getchef.com/blog/2014/ • CWE-310: Cryptographic Issues •
CVSS: 3.6EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1257
https://notcve.org/view.php?id=CVE-2014-1257
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. CFNetwork en Apple OS X hasta 10.8.5 no elimina cookies de sesión en una acción de restablecimiento de Safari, lo que permite a atacantes físicamente próximos evadir restricciones de acceso mediante el aprovechamiento de una estación de trabajo desatendida. • http://support.apple.com/kb/HT6150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1255
https://notcve.org/view.php?id=CVE-2014-1255
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 no valida debidamente llamadas a la función "free", lo que permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipuilados. • http://support.apple.com/kb/HT6150 • CWE-20: Improper Input Validation •