CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4400
https://notcve.org/view.php?id=CVE-2014-4400
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 no valida debidamente las llamadas, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401 y CVE-2014-4416. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69896 http://www.securitytracker.com/id/1030868 https://code.google.com/p/google-security-research/issues/detail?id=30 https://exchange.xforce.ibmcloud.com/vulnerabilities/96060 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4416
https://notcve.org/view.php?id=CVE-2014-4416
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 no valida debidamente las llamadas, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400 y CVE-2014-4401. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69898 http://www.securitytracker.com/id/1030868 https://code.google.com/p/google-security-research/issues/detail?id=34 https://exchange.xforce.ibmcloud.com/vulnerabilities/96062 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4403
https://notcve.org/view.php?id=CVE-2014-4403
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. El Kernel en Apple OS X anterior a 10.9.5 permite a usuarios locales obtener información sensible de direcciones y saltarse el mecanismo de protección ASLR mediante el aprovechamiento de previsibilidad de la localización de la CPU Global Descriptor Table. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69910 http://www.securitytracker.com/id/1030868 https://exchange.xforce.ibmcloud.com/vulnerabilities/96064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2014-4393
https://notcve.org/view.php?id=CVE-2014-4393
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. Desbordamiento de buffer en el compilador de sombreado en el subsistema Intel Graphics Driver en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un sombreado GLSL manipulado. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69916 http://www.securitytracker.com/id/1030868 https://exchange.xforce.ibmcloud.com/vulnerabilities/96053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 69%CPEs: 8EXPL: 0CVE-2014-4350 – Apple QuickTime MIDI Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4350
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. Desbordamiento de buffer en QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un fichero MIDI manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MIDI events. An arithmetic overflow in the handling of the sizes of certain events allows for an attacker to overflow a heap buffer. • http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69908 http://www.securitytracker.com/id/1030868 https://exchange.xforce.ibmcloud.com/vulnerabilities/96050 https://support.apple.com/kb/HT6493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •