CVE-2014-4427
https://notcve.org/view.php?id=CVE-2014-4427
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70635 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97642 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-4428
https://notcve.org/view.php?id=CVE-2014-4428
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. Bluetooth en Apple OS X anterior a 10.10 no requiere cifrado para dispositivos HID de baja energía, lo que permite a atacantes remotos suplantar un dispositivo mediante el aprovechamiento de un emparejamiento previo. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://secunia.com/advisories/61825 http://secunia.com/advisories/61827 http://www.securityfocus.com/archive/1/533746 http://www.securityfocus.com/archive/1/533747 http://www.securityfocus.com/bid/70636 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97641 https://support.apple.com/kb/HT6535 https://support.apple.com/kb/HT6541 https://support.apple.com/kb/HT6542 • CWE-310: Cryptographic Issues •
CVE-2014-3660 – libxml2: denial of service via recursive entity expansion
https://notcve.org/view.php?id=CVE-2014-3660
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. parser.c en libxml2 anterior a 2.9.2 no previene debidamente la expansión de entidades incluso cuando la substitución de entidades haya sido deshabilitada, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de un documento XML manipualdo que contiene un número grande de referencias de entidades anidadas, una variante del ataque del 'billón de risas'. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2014-1655.html http://rhn.redhat.com/errata/RHSA-2014-1885.html http://secunia.com/advisories/59903 http://s • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook https://github.com/stdevel/poodle_protector https://github.com/cloudpassage/mangy-beast https://github.com/mpgn/poodle-PoC https://github.com/uthrasri/openssl_g2.5_CVE-2014-3566 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/201 • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVE-2014-7185 – python: buffer() integer overflow leading to out of bounds read
https://notcve.org/view.php?id=CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'. An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. • http://bugs.python.org/issue21831 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1064.html http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www.openwall.com/lists/oss-security/2014/09/23/5 http://www.openwall.com/lists/oss-security/2014/09/25/47 http:/ • CWE-189: Numeric Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •