CVSS: 4.9EPSS: 3%CPEs: 15EXPL: 0CVE-2014-1320 – (Pwn2Own\Pwn4Fun) Apple OS X IOKit Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-1320
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object. IOKit en Apple iOS anterior a 7.1.1, Apple OS X hasta 10.9.2 y Apple TV anterior a 6.1.1 coloca punteros de kernel dentro de una estructura de datos de objeto, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la lectura de atributos no especificados del objeto. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOKit. The issue lies in the storage of kernel pointers in an object's data structure that could be retrieved from userland. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 1CVE-2014-1322 – Apple Mac OSX - Local Security Bypass
https://notcve.org/view.php?id=CVE-2014-1322
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. El kernel en Apple OS X hasta 10.9.2 coloca un puntero de kernel en una estructura de datos de objeto XNU accesible de espacio de usuario, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la lectura de un atributo no especificado del objeto. • https://www.exploit-db.com/exploits/39147 http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 2CVE-2013-7338
https://notcve.org/view.php?id=CVE-2013-7338
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. Python anterior a 3.3.4 RC1 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un valor de tamaño de archivo más grande que el tamaño del archivo zip hacia la función (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract o (5) ZipFile.extractall. • http://bugs.python.org/issue20078 http://hg.python.org/cpython/rev/79ea4ce431b1 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://seclists.org/oss-sec/2014/q1/592 http://seclists.org/oss-sec/2014/q1/595 http://www.securityfocus.com/bid/65179 http://www.securitytracker.com/id/1029973 https://docs.python.org/3.3/whatsnew/changelog.html https://security.gentoo.org/glsa/201503& • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 46%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de transferencia fragmentada. NOTA: el proveedor afirma que "esto no es un problema de seguridad en httpd como tal." A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://martin.swende.se/blog/HTTPChunked.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://rhn.redhat.com/errata/RHSA-2015-1249.html http://rhn.redhat& • CWE-287: Improper Authentication •
CVSS: 6.6EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0106 – sudo: certain environment variables not sanitized when env_reset is disabled
https://notcve.org/view.php?id=CVE-2014-0106
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. Sudo 1.6.9 anterior a 1.8.5, cuando env_reset está deshabilitada, no comprueba debidamente variables de entorno para la restricción env_delete, lo que permite a usuarios locales con permisos sudo evadir restricciones de comando a través de una variable de entorno manipulada. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html http://rhn.redhat.com/errata/RHSA-2014-0266.html http://www.openwall.com/lists/oss-security/2014/03/06/2 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/65997 http://www.sudo.ws/sudo/alerts/env_add.html http://www.ubuntu.com/usn/USN-2146-1 https://support.appl • CWE-20: Improper Input Validation •