CVSS: 7.5EPSS: 95%CPEs: 25EXPL: 2CVE-2014-8517 – tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side
https://notcve.org/view.php?id=CVE-2014-8517
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. La función fetch_url ubicada en usr.bin/ftp/fetch.c en thftp, usada en NetBSD 5.1 en 5.1.4, 5.2 hasta 5.2.2, 6.0 hasta 6.0.6 y 6.1 hasta 6.1.5 permite a atacantes remotos ejecutar comandos arbitrarios a través de un carácter '|' (tubería) al final de una redirección HTTP. • https://www.exploit-db.com/exploits/35427 https://www.exploit-db.com/exploits/43112 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html http://seclists.org/oss-sec/2014/q4/459 http://seclists.org/oss-sec/2014/q4/464 http://secunia.com/advisories/62028 http://secunia.com/advisories/62260 http://support. • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4430
https://notcve.org/view.php?id=CVE-2014-4430
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. CoreStorage en Apple OS X anterior a 10.10 retiene una clave de cifrado del volumen hasta la acción de expulsión en el estado de desbloqueo, lo que facilita a un atacante físicamente próximo obtener datos en claro al volver a montar la unidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70628 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97639 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4436
https://notcve.org/view.php?id=CVE-2014-4436
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. IOHIDFamily en Apple OS X anterior a 10.10 permite a atacantes causar una denegación de servicio (operación de lectura fuera de rango) a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70616 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97635 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4431
https://notcve.org/view.php?id=CVE-2014-4431
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. Dock en Apple OS X anterior a 10.10 no gestiona debidamente el estado de la pantalla de bloqueo, lo que permite a atacantes físicamente próximos ver ventanas mediante el aprovechamiento de una estación de trabajo desatendida. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70633 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97638 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4444
https://notcve.org/view.php?id=CVE-2014-4444
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. SecurityAgent en Apple OS X anterior a 10.10 no asegura que un ticket Kerberos está en el caché para el usuario correcto, lo que permite a usuarios locales ganar privilegios en circunstancias oportunistas mediante el aprovechamiento de un inicio de sesión Fast User Switching. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97623 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •