
CVSS: 5.0 | EPSS: 0% | CPEs: 17 | EXPL: 0

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

• http://curl.haxx.se/docs/adv_20140910B.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
• http://www.debian.org/security/2014/dsa-3022
• http://www.openwall.com/lists/oss-security/2022/05/11/2
• http://www.securityfocus.com/bid/69742
• https://support.apple.com/kb/HT205031
• CWE-310: Cryptographic Issues

CVSS: 7.8 | EPSS: 96% | CPEs: 5 | EXPL: 0

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.

A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Module (MPM) that would cause the httpd child process to crash.

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server.

• http://advisories.mageia.org/MGASA-2014-0305.html
• http://httpd.apache.org/security/vulnerabilities_24.html
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
• http://seclists.org/fulldisclosure/2014/Jul/117
• http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
• http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h
• http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/
• CWE-20: Improper Input Validation

CVSS: 10.0 | EPSS: 0% | CPEs: 11 | EXPL: 1

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.

• http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
• http://secunia.com/advisories/59475
• http://support.apple.com/kb/HT6296
• http://www.securitytracker.com/id/1030505
• https://code.google.com/p/google-security-research/issues/detail?id=17

CVSS: 7.5 | EPSS: 5% | CPEs: 23 | EXPL: 0

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OS X Dock. The issue lies in the failure to properly sanitize a user-supplied value prior to indexing into an array of function pointers.

• http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
• http://secunia.com/advisories/59475
• http://support.apple.com/kb/HT6296
• http://www.securitytracker.com/id/1030505
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 18 | EXPL: 0

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.

• http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
• http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
• http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
• http://secunia.com/advisories/59475
• http://support.apple.com/kb/HT6296
• http://www.securitytracker.com/id/1030500
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor