CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1359
https://notcve.org/view.php?id=CVE-2014-1359
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Subdesbordamiento de enteros en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://packetstormsecurity.com/files/167630/launchd-Heap-Corruption.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030500 • CWE-189: Numeric Errors •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1380
https://notcve.org/view.php?id=CVE-2014-1380
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. El componente Security - Keychain en Apple OS X anterior a 10.9.4 no implementa debidamente observadores de pulsaciones del teclado, lo que permite a atacantes físicamente próximos evadir el mecanismo de protección del bloque de pantalla, e introducir caracteres en una ventana arbitraria por debajo de la ventana de bloqueo, a través de entradas en el teclado. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1381
https://notcve.org/view.php?id=CVE-2014-1381
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. Thunderbolt en Apple OS X anterior a 10.9.4 no restringe debidamente las llamadas IOThunderBoltController API, lo que permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de una llamada manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1375
https://notcve.org/view.php?id=CVE-2014-1375
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Intel Graphics Driver en Apple OS X anterior a 10.9.4 permite a usuarios locales evadir el mecanismo de protección ASLR mediante el aprovechamiento del acceso de lectura a un puntero del kernel en un objeto IOKit. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1317
https://notcve.org/view.php?id=CVE-2014-1317
iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. iBooks Commerce en Apple OS X anterior a 10.9.4 coloca credenciales Apple ID en el registro de iBooks, lo que permite a usuarios locales obtener información sensible mediante la lectura de este fichero. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •