CVSS: 7.5EPSS: 39%CPEs: 52EXPL: 4CVE-2014-1912 – Python - 'socket.recvfrom_into()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-1912
20 Feb 2014 — Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Desbordamiento de buffer en la función socket.recvfrom_into en Modules/socketmodule.c en Python 2.5 anterior a 2.7.7, 3.x anterior a 3.3.4 y 3.4.x anterior a 3.4rc1 permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada. It was discovered that the socket.re... • https://www.exploit-db.com/exploits/31875 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 6%CPEs: 7EXPL: 0CVE-2014-1252 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2014-1252
24 Jan 2014 — Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. OS X Mavericks 10.9.2 and Security Upd... • http://osvdb.org/102460 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-5987 – HP Security Bulletin HPSBHF02946 2
https://notcve.org/view.php?id=CVE-2013-5987
21 Jan 2014 — Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. Vulnerabilidad sin especificar en los drivers gráficos de NVIDIA Release 331, 325, 319, 310, y 304 permite a usuarios locales evadir restricciones de acceso intencionadas para la GPU y obtener privilegios a través de vectores desconocidos. A potential security vulnerability has been identified with certain HP se... • http://marc.info/?l=bugtraq&m=139965942001604&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-7127
https://notcve.org/view.php?id=CVE-2013-7127
17 Dec 2013 — Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Apple Safari 6.0.5 en Mac OS X 10.7.5 y 10.8.5 almacena las credenciales en texto plano en LastSession.plist, lo que permite a usuarios locales obtener información sensible mediante la lectura de este archivo. • http://www.securelist.com/en/blog/8168/Loophole_in_Safari • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 95%CPEs: 81EXPL: 3CVE-2013-6420 – PHP - 'openssl_x509_parse()' Memory Corruption
https://notcve.org/view.php?id=CVE-2013-6420
11 Dec 2013 — The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5... • https://packetstorm.news/files/id/124436 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 6%CPEs: 15EXPL: 0CVE-2013-6712 – php: heap-based buffer over-read in DateInterval
https://notcve.org/view.php?id=CVE-2013-6712
28 Nov 2013 — The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbord... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 8CVE-2013-6799 – Apple Mac OSX 10.9 - Hard Link Memory Corruption
https://notcve.org/view.php?id=CVE-2013-6799
16 Nov 2013 — Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105. Apple Mac OS X permite a usuarios locales provocar una denegación de servicio (corrupción de memoria o panic) mediante la creación de un hard link a un directorio. NOTA: esta vulnerabilidad existe por una solución incompleta para CVE-2010-0105. Multiple vulnerabilities have been reported in HFS... • https://packetstorm.news/files/id/126039 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5186
https://notcve.org/view.php?id=CVE-2013-5186
24 Oct 2013 — Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. Administrador de energía en Apple Mac OS X anterior a la versión 10.9 no controla correctamente la interacción entre el bloqueo y las afirmaciones de potencia, lo que permite a atacantes físicamente próximos a obtener información sensibl... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5189
https://notcve.org/view.php?id=CVE-2013-5189
24 Oct 2013 — Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. Apple Mac OS X anterior a 10.9 no preserva ciertos ajustes de sistema administrativos a traves de las actualizaciones de software, lo que permite a atacantes dependientes de contexto sortear re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5181
https://notcve.org/view.php?id=CVE-2013-5181
24 Oct 2013 — The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. La funcionalidad de auto-configuración en Mail en Apple Mac OS X anteriores a 10.9 selecciona autenticación sin cifrar para servidores no especificados que soportan autenticación CRAM-MD5, lo cual permite a atacantes remotos obtener información sensible mediant... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •