CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4499
https://notcve.org/view.php?id=CVE-2014-4499
30 Jan 2015 — The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. El proceso App Store en CommerceKit Framework en Apple OS X anterior a 10.10.2 coloca las credenciales de identificación de Apple en los registros de App Store, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 36CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
28 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 18%CPEs: 3EXPL: 0CVE-2014-4484 – Apple Mac OS X DFont Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4484
27 Jan 2015 — FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero .dfont manip... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 1%CPEs: 32EXPL: 3CVE-2015-0973
https://notcve.org/view.php?id=CVE-2015-0973
18 Jan 2015 — Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. Desbordamiento de buffer en la función png_read_IDAT_data en pngrutil.c en libpng anterior a 1.5.21 y 1.6.x anterior a 1.6.16 permite a atacantes dependientes de contexto ejecutar código arbitrario a través de datos IDAT con una anchura grande, una vulnerabi... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 0CVE-2014-8151 – Gentoo Linux Security Advisory 201701-47
https://notcve.org/view.php?id=CVE-2014-8151
15 Jan 2015 — The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. La función darwinssl_connect_step1 en lib/vtls/curl_darwinssl.c en libcurl 7.31.0 hasta 7.39.0, cuando utiliza el backend DarwinSSL (también conocido como SecureTransport)... • http://curl.haxx.se/docs/adv_20150108A.html •
CVSS: 10.0EPSS: 2%CPEs: 31EXPL: 0CVE-2014-9495
https://notcve.org/view.php?id=CVE-2014-9495
10 Jan 2015 — Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. Desbordamiento de buffer basado en memoria dinámica en la función png_combine_row en libpng en versiones anteriores a 1.5.21 y 1.6.x en versiones anteriores a 1.6.16, cuando se ejecuta en sistemas de 64 bits, podría permitir a atacantes dependientes del contexto eje... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2014-9425 – php: Double-free in zend_ts_hash_graceful_destroy()
https://notcve.org/view.php?id=CVE-2014-9425
31 Dec 2014 — Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de doble liberación en la función zend_ts_hash_graceful_destroy en zend_ts_hash.c en Zend Engine en PHP hasta 5.5.20 y 5.6.x hasta 5.6.4 permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener o... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 4%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
15 Dec 2014 — The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflo... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 88EXPL: 2CVE-2014-9365 – python: failure to validate certificates in the HTTP client with TLS (PEP 476)
https://notcve.org/view.php?id=CVE-2014-9365
12 Dec 2014 — The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Los clientes HTTP en las libraria... • http://bugs.python.org/issue22417 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3613 – curl: incorrect handling of IP addresses in cookie domain
https://notcve.org/view.php?id=CVE-2014-3613
18 Nov 2014 — cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL y libcurl anteriores a 7.38.0 no manejan correctamente las direcciones IP en nombres de dominio de cookies, lo que permite a atacantes remotos usar cookies definidas por ellos mismos o enviar cookies arbitrarias a ciertos sitios, como or... • http://curl.haxx.se/docs/adv_20140910A.html • CWE-284: Improper Access Control CWE-310: Cryptographic Issues •