CVSS: 6.9EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4408 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4408
17 Sep 2014 — The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. La función rt_setgate en el kernel en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales ganar privilegios o causar una denegación de servicio (lectura fuera de rango y caída de dispositivo) a través de una llamada manipulada. Apple TV 7 is now available and addresses wifi credenti... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4371 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4371
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. La interfaz network-statistics en el kernel en Apple iOS anterior a 8 y Apple TV anterior 7 no inicializa correctamente la memoria, lo que permite a atacantes obtener información sensible d... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-665: Improper Initialization •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4389 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4389
17 Sep 2014 — Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Desbordamiento de enteros en IOKit en Apple iOS anterior a 8 y Apple TV anterior 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee argumentos API manipulados. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary ... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4413 – Apple Security Advisory 2014-09-17-4
https://notcve.org/view.php?id=CVE-2014-4413
17 Sep 2014 — WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, utilizado en Apple iOS anterior a 8 y Apple TV anterior a 7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de apli... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4419 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4419
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a 8 y Apple TV anterior a 7, no inicializa correctamente memoria, lo que permitiría a atacantes obtener contenido sens... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4420 – Apple Security Advisory 2014-09-17-2
https://notcve.org/view.php?id=CVE-2014-4420
17 Sep 2014 — The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. La interfaz de estadísticas de red en el kernel, en Apple iOS anterior a la versión 8 y en Apple TV anterior a 7 no inicializa correctamente memoria, lo que permitiría a atacantes obtener c... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html •
CVSS: 9.3EPSS: 9%CPEs: 4EXPL: 2CVE-2014-4404 – Apple OS X Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2014-4404
17 Sep 2014 — Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. Desbordamiento de buffer basado en memoria dinámica en IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee propiedades manipuladas de asignación de teclas. A heap overflow in IOHIKey... • https://packetstorm.news/files/id/129344 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3620 – Mandriva Linux Security Advisory 2014-187
https://notcve.org/view.php?id=CVE-2014-3620
11 Sep 2014 — cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. cURL y libcurl anteriores a 7.38.0 permite a atacantes remotos evadir Same Origin Policy y configurar cookies para sitios arbitrarios mediante la configuración de una cookie de un dominio de nivel superior. Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same serve... • http://curl.haxx.se/docs/adv_20140910B.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3613 – curl: incorrect handling of IP addresses in cookie domain
https://notcve.org/view.php?id=CVE-2014-3613
11 Sep 2014 — cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL y libcurl anteriores a 7.38.0 no manejan correctamente las direcciones IP en nombres de dominio de cookies, lo que permite a atacantes remotos usar cookies definidas por ellos mismos o enviar cookies arbitrarias a ciertos sitios, como or... • http://curl.haxx.se/docs/adv_20140910A.html • CWE-284: Improper Access Control CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 93%CPEs: 5EXPL: 1CVE-2014-0117 – Apache HTTP Server mod_proxy Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2014-0117
18 Jul 2014 — The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. El módulo mod_proxy en Apache HTTP Server 2.4.x anterior a 2.4.10, cuando un proxy inverso está habilitado, permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) a través de una cabecera de conexión HTTP manipulada. A denial of service flaw was found in the mod_pro... • https://packetstorm.news/files/id/127563 • CWE-20: Improper Input Validation •