CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-1256
https://notcve.org/view.php?id=CVE-2014-1256
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Desbordamiento de buffer en Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipilados. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 1%CPEs: 4EXPL: 7CVE-2014-1266
https://notcve.org/view.php?id=CVE-2014-1266
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. La función SSLVerifySignedServerKeyExchange en libsecurity_ssl/lib/sslKeyExchange.c la funcionalidad Secure Transport en el componente Data Security en Apple iOS 6.x anterior a 6.1.6 y 7.x anterior a 7.0.6, Apple TV 6.x anterior a 6.0.2 y Apple OS X 10.9.x anterior a 10.9.2 no comprueba la firma en un mensaje TLS Server Key Exchange, lo que permite a atacantes man-in-the-middle falsificar servidores SSL mediante (1) el uso de una clave privada arbitraria para el paso de la firma o (2) la omisión del paso de la firma. • https://github.com/gabrielg/CVE-2014-1266-poc https://github.com/landonf/Testability-CVE-2014-1266 https://github.com/meetlight942/PentesterLab-Intercept-CVE-2014-1266 http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187 http://support.apple.com/kb/HT6146 http://support.apple.com/kb/HT6147 http://support.apple.com/kb/HT6148 http://support.apple.com/kb/HT6150 https://news.ycombinator.com/item?id=7281378 https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02- • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 60%CPEs: 52EXPL: 4CVE-2014-1912 – Python - 'socket.recvfrom_into()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-1912
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Desbordamiento de buffer en la función socket.recvfrom_into en Modules/socketmodule.c en Python 2.5 anterior a 2.7.7, 3.x anterior a 3.3.4 y 3.4.x anterior a 3.4rc1 permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada. It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. • https://www.exploit-db.com/exploits/31875 http://bugs.python.org/issue20246 http://hg.python.org/cpython/rev/87673659d8f7 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://pastebin.com/raw.php?i=GHXSmNEg http://rhn.redhat.com/errata/RHSA-2015-1064.html http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2014-1252
https://notcve.org/view.php?id=CVE-2014-1252
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. • http://osvdb.org/102460 http://secunia.com/advisories/56615 http://secunia.com/advisories/56630 http://support.apple.com/kb/HT6117 http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6162 http://www.securityfocus.com/bid/65113 http://www.securitytracker.com/id/1029683 https://exchange.xforce.ibmcloud.com/vulnerabilities/90672 • CWE-415: Double Free •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2013-5987
https://notcve.org/view.php?id=CVE-2013-5987
Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. Vulnerabilidad sin especificar en los drivers gráficos de NVIDIA Release 331, 325, 319, 310, y 304 permite a usuarios locales evadir restricciones de acceso intencionadas para la GPU y obtener privilegios a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=139965942001604&w=2 http://nvidia.custhelp.com/app/answers/detail/a_id/3377 http://support.apple.com/kb/HT6150 •