CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3613 – curl: incorrect handling of IP addresses in cookie domain
https://notcve.org/view.php?id=CVE-2014-3613
11 Sep 2014 — cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL y libcurl anteriores a 7.38.0 no manejan correctamente las direcciones IP en nombres de dominio de cookies, lo que permite a atacantes remotos usar cookies definidas por ellos mismos o enviar cookies arbitrarias a ciertos sitios, como or... • http://curl.haxx.se/docs/adv_20140910A.html • CWE-284: Improper Access Control CWE-310: Cryptographic Issues •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3620 – Mandriva Linux Security Advisory 2014-187
https://notcve.org/view.php?id=CVE-2014-3620
11 Sep 2014 — cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. cURL y libcurl anteriores a 7.38.0 permite a atacantes remotos evadir Same Origin Policy y configurar cookies para sitios arbitrarios mediante la configuración de una cookie de un dominio de nivel superior. Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same serve... • http://curl.haxx.se/docs/adv_20140910B.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 94%CPEs: 5EXPL: 1CVE-2014-0117 – Apache HTTP Server mod_proxy Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2014-0117
18 Jul 2014 — The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. El módulo mod_proxy en Apache HTTP Server 2.4.x anterior a 2.4.10, cuando un proxy inverso está habilitado, permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) a través de una cabecera de conexión HTTP manipulada. A denial of service flaw was found in the mod_pro... • https://packetstorm.news/files/id/127563 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1358 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1358
01 Jul 2014 — Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Desbordamiento de enteros en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, s... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1379 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1379
01 Jul 2014 — Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. Graphics Drivers en Apple OS X anterior a 10.9.4 permite a atacantes ganar privilegios o causar una denegación de servicio (referencia a puntero nulo y caída de sistema) a través de un fichero ejecutable de 32-bits para una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are ... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1381 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1381
01 Jul 2014 — Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. Thunderbolt en Apple OS X anterior a 10.9.4 no restringe debidamente las llamadas IOThunderBoltController API, lo que permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a t... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 6%CPEs: 23EXPL: 0CVE-2014-1370 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1370
01 Jul 2014 — The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. La implementación de intercambio de bytes en copyfile en Apple OS X anterior a 10.9.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero App... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1359 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1359
01 Jul 2014 — Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Subdesbordamiento de enteros en launchd en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code executio... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 1CVE-2014-1377 – Apple Security Advisory 2014-06-30-2
https://notcve.org/view.php?id=CVE-2014-1377
01 Jul 2014 — Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Error en el indice del array en IOAcceleratorFamily en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address application termination, code execution, sandbox circumvention, bypass, and various other vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1361 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1361
01 Jul 2014 — Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. Secure Transport en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 no asegura que un mensaje DTLS está aceptado únicamente para una conexión... • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •