CVSS: 7.5EPSS: 39%CPEs: 52EXPL: 4CVE-2014-1912 – Python - 'socket.recvfrom_into()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-1912
20 Feb 2014 — Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Desbordamiento de buffer en la función socket.recvfrom_into en Modules/socketmodule.c en Python 2.5 anterior a 2.7.7, 3.x anterior a 3.3.4 y 3.4.x anterior a 3.4rc1 permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada. It was discovered that the socket.re... • https://www.exploit-db.com/exploits/31875 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 6%CPEs: 7EXPL: 0CVE-2014-1252 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1252
24 Jan 2014 — Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. OS X Mavericks 10.9.2 and Security Upd... • http://osvdb.org/102460 • CWE-415: Double Free •
CVSS: 7.5EPSS: 95%CPEs: 81EXPL: 3CVE-2013-6420 – PHP - 'openssl_x509_parse()' Memory Corruption
https://notcve.org/view.php?id=CVE-2013-6420
11 Dec 2013 — The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5... • https://packetstorm.news/files/id/124436 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 6%CPEs: 15EXPL: 0CVE-2013-6712 – php: heap-based buffer over-read in DateInterval
https://notcve.org/view.php?id=CVE-2013-6712
28 Nov 2013 — The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbord... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5184
https://notcve.org/view.php?id=CVE-2013-5184
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. El kernel en Apple Mac OS X anterior a 10.9 no comprueba errores adecuadamente durante el proceso de paquetes Wi-Fi multicast, lo que permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) aprovechando la presencia de un... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5173
https://notcve.org/view.php?id=CVE-2013-5173
24 Oct 2013 — The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. El generador de números aleatorios en el kernel de Apple Mac OS X anteriores a 10.9 proporciona acceso exclusivo estenso para procesar peticiones grandes, lo cual permite a usuarios locales causar denegación de servicio (agotamiento te... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5171
https://notcve.org/view.php?id=CVE-2013-5171
24 Oct 2013 — CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. CoreGraphics en Apple Mac OS X anterior a la versión 10.9 permite a atacantes locales evadir el modo de entrada segura y registrar pulsaciones de teclado de una aplicación arbitraria a través de un evento de registro hotkey. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 20EXPL: 0CVE-2013-5135
https://notcve.org/view.php?id=CVE-2013-5135
24 Oct 2013 — Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. Vulnerabilidad de format string en Screen Sharing Server de Apple Mac OS X anterior a 10.9 y Apple Remote Desktop anterior a 3.5.4 permite a atacantes remotos ejecutar código arbitrario a través especificadores de formato de cadena en el nombre de usuario VNC. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5185
https://notcve.org/view.php?id=CVE-2013-5185
24 Oct 2013 — The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. El programa de línea de comandos ldapsearch en OpenLDAP en Apple Mac OS X anteriores a 10.9 no procesa correctamente la configuración de minssf, lo cual permite a atacantes remotos obtener información sensible aprovechándose de cifrados débiles ... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5167
https://notcve.org/view.php?id=CVE-2013-5167
24 Oct 2013 — CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. CFNetwork en Apple Mac OS X anterior 10.9 no soporta apropiadamente el borrado de cookies cuando se realiza una operación de reset en Safari, lo que hace más fácil a los servidores web remotos rastrear usuarios a través de cabeceras Set-Cookie HTTP. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-16: Configuration •