CVSS: 7.8EPSS: 96%CPEs: 3EXPL: 0CVE-2015-5722 – bind: malformed DNSSEC key failed assertion denial of service
https://notcve.org/view.php?id=CVE-2015-5722
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. Vulnerabilidad en buffer.c en nombrado en ISC BIND 9.x en versiones anteriores a 9.9.7-P3 y 9.10.x en versiones anteriores a 9.10.2-P4, permite a atacantes remotos causar una denegación de servicio (error de aserción y salida del demonio) mediante la creación de una zona de contención, una clave DNSSEC mal formada y la emisión de una consulta para un nombre en esa zona. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html http://lists.opensuse.org/op • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 9.3EPSS: 4%CPEs: 126EXPL: 1CVE-2013-0984 – Apple Mac OSX Server - DirectoryService Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0984
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Servicio de directorio de Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del demonio) a través de un mensaje elaborado. • https://www.exploit-db.com/exploits/25974 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3723
https://notcve.org/view.php?id=CVE-2012-3723
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y caída del sistema) conectando un dispositivo USB. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3719
https://notcve.org/view.php?id=CVE-2012-3719
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. La app Mail en Apple Mac OS X antes de v10.7.5 no maneja correctamente los plugins web, lo que permite a atacantes remotos ejecutar código de su elección a través de un mensaje de correo electrónico que activa la carga de un plugin de terceros. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78751 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 144EXPL: 0CVE-2012-3718
https://notcve.org/view.php?id=CVE-2012-3718
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. Apple Mac OS X v10.7.5 y v10.8.x antes de v10.8.2 permite a usuarios locales leer contraseñas introducidas en las ventana LoginWindow (Es decir la ventana de inicio) o "Unlock Screensaver" mediante la instalación de un método de entrada de pulsaciones que intercepta las pulsaciones del teclado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://osvdb.org/85647 http://support.apple.com/kb/HT5501 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •