|
279551
|
- |
|
apple
|
mac_os_x
|
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.
|
CWE-310
Cryptographic Issues
|
CVE-2014-4428
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279552
|
- |
|
apple
|
mac_os_x
|
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4427
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279553
|
- |
|
apple
|
mac_os_x
|
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
|
CWE-200
Information Exposure
|
CVE-2014-4426
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279554
|
- |
|
apple
|
mac_os_x
|
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtai…
|
CWE-287
Improper Authentication
|
CVE-2014-4425
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279555
|
- |
|
apple
|
mac_os_x
|
Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception …
|
CWE-20
Improper Input Validation
|
CVE-2014-4417
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279556
|
- |
|
apple
|
mac_os_x
|
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions …
|
CWE-310
Cryptographic Issues
|
CVE-2014-4391
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279557
|
- |
|
apple
|
mac_os_x
|
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4351
|
2024-11-21 11:10 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279558
|
- |
|
textpattern
|
textpattern
|
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4737
|
2024-11-21 11:10 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279559
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to dis…
|
CWE-200
Information Exposure
|
CVE-2014-4761
|
2024-11-21 11:10 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279560
|
- |
|
hp
|
records_manager
|
Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4661
|
2024-11-21 11:10 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
