CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 2CVE-2013-7338 – Gentoo Linux Security Advisory 201503-10
https://notcve.org/view.php?id=CVE-2013-7338
22 Apr 2014 — Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. Python anterior a 3.3.4 RC1 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un valor de tamaño de archivo más grande que el tamaño del archivo zi... • http://bugs.python.org/issue20078 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 21%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
15 Apr 2014 — The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de tran... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 6CVE-2011-3336 – Libc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2011-3336
14 Mar 2014 — regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. regcomp en la implementación BSD de libc, es vulnerable a una denegación de servicio debido al agotamiento de la pila. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://packetstorm.news/files/id/125725 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0106 – sudo: certain environment variables not sanitized when env_reset is disabled
https://notcve.org/view.php?id=CVE-2014-0106
06 Mar 2014 — Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. Sudo 1.6.9 anterior a 1.8.5, cuando env_reset está deshabilitada, no comprueba debidamente variables de entorno para la restricción env_delete, lo que permite a usuarios locales con permisos sudo evadir restricciones de comando a través de una variable de en... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-2234
https://notcve.org/view.php?id=CVE-2014-2234
05 Mar 2014 — A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application. Cierto parche de Apple para OpenSSL en Apple OS X 10.9.2 y anteriores utiliza una funcionalidad... • https://hynek.me/articles/apple-openssl-verification-surprises • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1254 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1254
26 Feb 2014 — Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una fuente Type 1 manipulada que se encuentra embebida en un documento. OS X Mavericks 10.9.2 and Security Update 20... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 2CVE-2014-1263 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1263
26 Feb 2014 — curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. curl en Apple OS X 10.9.x anterior a 10.9.2 no verifica los certificados X.509 d... • http://curl.haxx.se/docs/adv_20140326C.html • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1255 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1255
26 Feb 2014 — Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 no valida debidamente llamadas a la función "free", lo que permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipuilados. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses m... • http://support.apple.com/kb/HT6150 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1261 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1261
26 Feb 2014 — Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. Error de signo de enteros en CoreText en Apple OS X anterior a 10.9.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una fuente Unicode manipulada. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple sec... • http://support.apple.com/kb/HT6150 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2014-1256 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1256
26 Feb 2014 — Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Desbordamiento de buffer en Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipilados. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •