CVE-2014-4403

EPSS 0.07%
Veröffentlicht 19.09.2014 10:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS X Version10.9

Apple ≫ macOS X Version10.9.1

Apple ≫ macOS X Version10.9.2

Apple ≫ macOS X Version10.9.3

Apple ≫ macOS X Version10.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.225

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://support.apple.com/kb/HT6443

Vendor Advisory

http://www.securitytracker.com/id/1030868

http://www.securityfocus.com/bid/69910

https://exchange.xforce.ibmcloud.com/vulnerabilities/96064

https://nvd.nist.gov/vuln/detail/CVE-2014-4403

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4403

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4403

EUVD