|
278411
|
- |
|
apple
|
mac_os_x
|
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4441
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278412
|
- |
|
apple
|
mac_os_x
|
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive …
|
CWE-16
CWE-200
Configuration
Information Exposure
|
CVE-2014-4440
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278413
|
- |
|
apple
|
mac_os_x
|
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunis…
|
CWE-200
Information Exposure
|
CVE-2014-4439
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278414
|
- |
|
apple
|
mac_os_x
|
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
|
CWE-362
Race Condition
|
CVE-2014-4438
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278415
|
- |
|
apple
|
mac_os_x
|
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4437
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278416
|
- |
|
apple
|
mac_os_x
|
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4436
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278417
|
- |
|
apple
|
mac_os_x
|
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access v…
|
CWE-287
Improper Authentication
|
CVE-2014-4435
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278418
|
- |
|
apple
|
mac_os_x
|
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.
|
CWE-20
Improper Input Validation
|
CVE-2014-4434
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278419
|
- |
|
apple
|
mac_os_x
|
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4433
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278420
|
- |
|
apple
|
mac_os_x
|
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attacke…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4432
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
