CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 2CVE-2014-4404 – Apple OS X Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2014-4404
17 Sep 2014 — Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. Desbordamiento de buffer basado en memoria dinámica en IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee propiedades manipuladas de asignación de teclas. A heap overflow in IOHIKey... • https://packetstorm.news/files/id/129344 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3613 – curl: incorrect handling of IP addresses in cookie domain
https://notcve.org/view.php?id=CVE-2014-3613
11 Sep 2014 — cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL y libcurl anteriores a 7.38.0 no manejan correctamente las direcciones IP en nombres de dominio de cookies, lo que permite a atacantes remotos usar cookies definidas por ellos mismos o enviar cookies arbitrarias a ciertos sitios, como or... • http://curl.haxx.se/docs/adv_20140910A.html • CWE-284: Improper Access Control CWE-310: Cryptographic Issues •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3620 – Mandriva Linux Security Advisory 2014-187
https://notcve.org/view.php?id=CVE-2014-3620
11 Sep 2014 — cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. cURL y libcurl anteriores a 7.38.0 permite a atacantes remotos evadir Same Origin Policy y configurar cookies para sitios arbitrarios mediante la configuración de una cookie de un dominio de nivel superior. Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same serve... • http://curl.haxx.se/docs/adv_20140910B.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 93%CPEs: 5EXPL: 1CVE-2014-0117 – Apache HTTP Server mod_proxy Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2014-0117
18 Jul 2014 — The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. El módulo mod_proxy en Apache HTTP Server 2.4.x anterior a 2.4.10, cuando un proxy inverso está habilitado, permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) a través de una cabecera de conexión HTTP manipulada. A denial of service flaw was found in the mod_pro... • https://packetstorm.news/files/id/127563 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1379 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1379
01 Jul 2014 — Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. Graphics Drivers en Apple OS X anterior a 10.9.4 permite a atacantes ganar privilegios o causar una denegación de servicio (referencia a puntero nulo y caída de sistema) a través de un fichero ejecutable de 32-bits para una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are ... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 7.8EPSS: 6%CPEs: 23EXPL: 0CVE-2014-1370 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1370
01 Jul 2014 — The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. La implementación de intercambio de bytes en copyfile en Apple OS X anterior a 10.9.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero App... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1377 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1377
01 Jul 2014 — Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Error en el indice del array en IOAcceleratorFamily en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox circumvention, bypass, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1373 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1373
01 Jul 2014 — Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Intel Graphics Driver en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenGL API no especificada, lo que permite a atacantes remotos ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, c... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1376 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1376
01 Jul 2014 — Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Intel Compute en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenCL API no especificada, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox c... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 7%CPEs: 23EXPL: 0CVE-2014-1371 – Apple OS X Dock Service Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1371
01 Jul 2014 — Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. Error de indice del array en Dock en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero de función incorrecta y caída de aplicación) mediante el aprovechamiento del acce... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •