CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4436 – Apple Security Advisory 2014-10-16-1
https://notcve.org/view.php?id=CVE-2014-4436
17 Oct 2014 — IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. IOHIDFamily en Apple OS X anterior a 10.10 permite a atacantes causar una denegación de servicio (operación de lectura fuera de rango) a través de una aplicación manipulada. OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 3CVE-2014-7185 – python: buffer() integer overflow leading to out of bounds read
https://notcve.org/view.php?id=CVE-2014-7185
08 Oct 2014 — Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'. An integer overflow flaw was found in the way the buffer() function handl... • http://bugs.python.org/issue21831 • CWE-189: Numeric Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 5.3EPSS: 3%CPEs: 23EXPL: 1CVE-2014-3565 – net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type
https://notcve.org/view.php?id=CVE-2014-3565
25 Sep 2014 — snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. snmplib/mib.c en net-snmp 5.7.0 y anteriores, cuando la opción -OQ está utilizada, permite a atacantes remotos causar una denegación de servicio (caída de snmptrapd) a través de un mensaje trampa SNMP... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-399: Resource Management Errors CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 134CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 4%CPEs: 8EXPL: 0CVE-2014-1391 – Apple QuickTime mdat Atom Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1391
19 Sep 2014 — QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un fichero de vídeo con codificación RLE. This vulnerability allows remote attackers to execute... • http://support.apple.com/kb/HT6443 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4402 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4402
19 Sep 2014 — An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. Una función IOAcceleratorFamily no especificada en Apple OS X anterior a 10.9.5 carece de límites adecuados de comprobación en operaciones de lectura, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X Mavericks 10.9... • http://support.apple.com/kb/HT6443 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4390 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4390
19 Sep 2014 — Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. Bluetooth en Apple OS X anterior a 10.9.5 no valida debidamente llamadas API, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handli... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4394 – Apple Security Advisory 2014-09-17-3
https://notcve.org/view.php?id=CVE-2014-4394
19 Sep 2014 — An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. Una rutina no especificada del driver de gráficos integrados en el subsistema Intel Graphics Driver en App... • http://support.apple.com/kb/HT6443 • CWE-20: Improper Input Validation •