CVSS: 4.3EPSS: 0%CPEs: 57EXPL: 0CVE-2014-3707 – curl: incorrect handle duplication after COPYPOSTFIELDS
https://notcve.org/view.php?id=CVE-2014-3707
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. La función curl_easy_duphandle en libcurl 7.17.1 hasta 7.38.0, cuando se ejecuta con la opción CURLOPT_COPYPOSTFIELDS, no copia debidamente datos HTTP POST para un manejo sencillo, lo que provoca una lectura fuera de rango que permite a servidores web remotos leer información sensible de la memoria. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. • http://curl.haxx.se/docs/adv_20141105.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html http://rhn.redhat.com/errata/RHSA-2015-1254.html http://www.debian.org/security/2014/dsa-3069 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVSS: 7.5EPSS: 95%CPEs: 25EXPL: 3CVE-2014-8517 – tnftp "savefile" Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2014-8517
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. La función fetch_url ubicada en usr.bin/ftp/fetch.c en thftp, usada en NetBSD 5.1 en 5.1.4, 5.2 hasta 5.2.2, 6.0 hasta 6.0.6 y 6.1 hasta 6.1.5 permite a atacantes remotos ejecutar comandos arbitrarios a través de un carácter '|' (tubería) al final de una redirección HTTP. • https://www.exploit-db.com/exploits/35427 https://www.exploit-db.com/exploits/43112 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html http://seclists.org/oss-sec/2014/q4/459 http://seclists.org/oss-sec/2014/q4/464 http://secunia.com/advisories/62028 http://secunia.com/advisories/62260 http://support. • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4442
https://notcve.org/view.php?id=CVE-2014-4442
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. El kernel en Apple OS X anterior a 10.10 permite a usuarios locales causar una denegación de servicio (kernel panic) a través de un mensaje hacia un socket de control del sistema. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70624 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97632 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4432
https://notcve.org/view.php?id=CVE-2014-4432
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. fdesetup en Apple OS X anterior a 10.10 no muestra correctamente el estado de cifrado entre una acción de actualización de la configuración y una acción de reinicio, lo que podría facilitar a un atacante físicamente próximo obtener datos en claro mediante el aprovechamiento de la ignorancia del requisito de reinicio. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70632 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97637 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4437
https://notcve.org/view.php?id=CVE-2014-4437
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. LaunchServices en Apple OS X anterior a 10.10 permite a atacantes evadir restricciones de sandbox a través de una aplicación que especifica un manejador manipulado para el campo Content-Type de un objeto. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70627 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97631 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •