CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0CVE-2013-7040
https://notcve.org/view.php?id=CVE-2013-7040
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. Python 2.7 anterior a 3.4 solamente utiliza las últimas ocho partes del prefijo para asignar valores de hash de forma aleatoria, lo que causa que calcule valores de hash sin restringir la habilidad de provocar colisiones de hash de forma previsible y facilita a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de entradas manipuladas hacia una aplicación que mantiene una tabla de hash. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-1150. • http://bugs.python.org/issue14621 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.openwall.com/lists/oss-security/2013/12/09/13 http://www.openwall.com/lists/oss-security/2013/12/09/3 http://www.securityfocus.com/bid/64194 https://support.apple.com/kb/HT205031 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1316
https://notcve.org/view.php?id=CVE-2014-1316
Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. Heimdal, utilizado en Apple OS X hasta 10.9.2, permite a atacantes remotos causar una denegación de servicio (abortar y salida de demonio) a través de datos ASN.1 encontrados en el protocolo Kerberos 5. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2014-1296
https://notcve.org/view.php?id=CVE-2014-1296
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. CFNetwork en Apple iOS anterior a 7.1.1, Apple OS X hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que una cabecera HTTP de configuración de cookie está completa antes de interpretar el valor de la cabecera, lo que permite a atacantes remotos evadir restricciones de acceso mediante la provocación de el cierre de una conexión TCP durante la transmisión de una cabecera, tal y como fue demostrado por una restricción HTTPOnly. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1314 – Apple OS X WindowsServer Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1314
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. WindowServer en Apple OS X hasta 10.9.2 no previene la creación de sesión mediante una aplicación en una sandbox, lo que permite a atacantes evadir el mecanismo de protección sandbox y ejecutar código arbitrario a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within WindowServer. The issue lies in the failure to prevent sandboxed applications from creating new sessions. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1318 – (Pwn2Own\Pwn4Fun) Apple OS X Graphics Driver Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1318
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. Intel Graphics Driver en Apple OS X hasta 10.9.2 no valida debidamente cierto puntero, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel graphics driver. The issue lies in the failure to properly validate a pointer. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-20: Improper Input Validation •