CVSS: 7.5EPSS: 4%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
15 Dec 2014 — The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflo... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 88EXPL: 2CVE-2014-9365 – python: failure to validate certificates in the HTTP client with TLS (PEP 476)
https://notcve.org/view.php?id=CVE-2014-9365
12 Dec 2014 — The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Los clientes HTTP en las libraria... • http://bugs.python.org/issue22417 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1595 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-1595
11 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, y Thunderbird anterior a 31.3 en Apple OS X 10.10 omiten una acción del registro de la deshabilitación de CoreGraphics que es... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-199: Information Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8611 – FreeBSD Security Advisory - stdio Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-8611
10 Dec 2014 — The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. Vulnerabilidad en la función __sflush en fflush.c en stdio en libc en FreeBSD 10.1 y el kernel en Apple iOS en versiones anteriores a la 9, no maneja correctamente fallos de la llamada del sistema de escritura,... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 90EXPL: 0CVE-2014-4453 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4453
18 Nov 2014 — Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 incluiye datos de localización durante el establecimiento de una conexión en el servidor de Spotlight Suggestions por Spotlight o Safari, lo que podría permitir a atacantes remotos obtener información sensibl... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 10%CPEs: 7EXPL: 0CVE-2014-4459 – Apple Security Advisory 2014-12-3-1
https://notcve.org/view.php?id=CVE-2014-4459
18 Nov 2014 — Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Una vulnerabilidad de uso después de liberación en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar código arbitrario a través de objetos de página en un documento HTML. Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and ... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html •
CVSS: 5.3EPSS: 0%CPEs: 86EXPL: 0CVE-2014-4458 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4458
18 Nov 2014 — The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. El componente 'System Profiler About This Mac' en Apple OS X anterior a 10.10.1 incluye datos extraños en la cookie en peticiones 'sistema-modelo', lo que podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados. OS X 10.10.1 is now availab... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4461 – Apple Security Advisory 2014-11-17-3
https://notcve.org/view.php?id=CVE-2014-4461
18 Nov 2014 — The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. El kernel en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2, no valida correctamente los metadatos del objeto IOSharedDataQueue, lo que permite a atacantes ejecutar código remoto en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update ... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 91EXPL: 0CVE-2014-4460 – Apple Security Advisory 2014-11-17-2
https://notcve.org/view.php?id=CVE-2014-4460
18 Nov 2014 — CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. CFNetwork en Apple iOS anterior a 8.1.1 y OS X anterior a 10.10.1 no limpia debidamente la caché de navegación sobre una transición del modo de navegación privada, lo que facilita a atacantes físicamente próximos obtener información sensible median... • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 57EXPL: 0CVE-2014-3707 – curl: incorrect handle duplication after COPYPOSTFIELDS
https://notcve.org/view.php?id=CVE-2014-3707
10 Nov 2014 — The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. La función curl_easy_duphandle en libcurl 7.17.1 hasta 7.38.0, cuando se ejecuta con la opción CURLOPT_COPYPOSTFIELDS, no copia debidamente datos HTTP POST para un manejo sencillo, lo que provoca una lectura fuera de rango que p... • http://curl.haxx.se/docs/adv_20141105.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •