CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2014-1259 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1259
26 Feb 2014 — Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. Desbordamiento de buffer en File Bookmark en Apple OS X anterior a 10.9.2 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un nombre de archivo manipulado. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues incl... • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1257 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1257
26 Feb 2014 — CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. CFNetwork en Apple OS X hasta 10.8.5 no elimina cookies de sesión en una acción de restablecimiento de Safari, lo que permite a atacantes físicamente próximos evadir restricciones de acceso mediante el aprovechamiento de una estación de trabajo desatendida. OS X Mavericks 10.9.2 and Secur... • http://support.apple.com/kb/HT6150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 39%CPEs: 52EXPL: 4CVE-2014-1912 – Python - 'socket.recvfrom_into()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-1912
20 Feb 2014 — Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Desbordamiento de buffer en la función socket.recvfrom_into en Modules/socketmodule.c en Python 2.5 anterior a 2.7.7, 3.x anterior a 3.3.4 y 3.4.x anterior a 3.4rc1 permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada. It was discovered that the socket.re... • https://www.exploit-db.com/exploits/31875 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 6%CPEs: 7EXPL: 0CVE-2014-1252 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1252
24 Jan 2014 — Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. OS X Mavericks 10.9.2 and Security Upd... • http://osvdb.org/102460 • CWE-415: Double Free •
CVSS: 7.5EPSS: 95%CPEs: 81EXPL: 3CVE-2013-6420 – PHP - 'openssl_x509_parse()' Memory Corruption
https://notcve.org/view.php?id=CVE-2013-6420
11 Dec 2013 — The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5... • https://packetstorm.news/files/id/124436 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 6%CPEs: 15EXPL: 0CVE-2013-6712 – php: heap-based buffer over-read in DateInterval
https://notcve.org/view.php?id=CVE-2013-6712
28 Nov 2013 — The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbord... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5184
https://notcve.org/view.php?id=CVE-2013-5184
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. El kernel en Apple Mac OS X anterior a 10.9 no comprueba errores adecuadamente durante el proceso de paquetes Wi-Fi multicast, lo que permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) aprovechando la presencia de un... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5179 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5179
24 Oct 2013 — App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. App Sandbox in Apple Mac OS X anterior a 10.9 permite a atacantes sortear restricciones de sandbox a traves de una aplicación manipulada que utiliza el interfaz LaunchServices para especificar argumentos de proceso. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues inc... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5177
https://notcve.org/view.php?id=CVE-2013-5177
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. El kernel de Apple Mac OS X anterior a 10.9 permite a usuarios locales provocar una denegación de servicio (panic) a través de una estructura iovec no válida. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5191
https://notcve.org/view.php?id=CVE-2013-5191
24 Oct 2013 — The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. La implementación de syslog en Apple Mac OS X anteriores a 10.9 permite a usuarios locales obtener información sensible utilizando el acceso a la cuenta de invitados y leyendo los mensajes del log de la consola de sesiones de invitado anteriores. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •