CVE-2014-0067
https://notcve.org/view.php?id=CVE-2014-0067
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. El comando "make check" para los suites de prueba en PostgreSQL 9.3.3 y anteriores no invoca debidamente initdb para especificar los requisitos de autenticación para un cluster de base de datos utilizado para las pruebas, lo que permite a usuarios locales ganar privilegios mediante el aprovechamiento de acceso a este cluster. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://wiki.postgresql.org/wiki/20140220securityrelease http://www.debian.org/security/2014/dsa-2864 http://www.debian.org/security/2014/dsa-2865 http://www.postgresql.org/about/news/1506 http://www.securityfocus • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0984 – Apple Mac OSX Server - DirectoryService Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0984
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Servicio de directorio de Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del demonio) a través de un mensaje elaborado. • https://www.exploit-db.com/exploits/25974 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0971 – Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0971
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. Vulnerabilidad de uso después de la liberación en PDFKit en Apple Mac OS X anterior a v10.8.3, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de anotaciones manuscritas elaboradas en un documento PDF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a PDF file. During the processing of a specific InkList array, a reference is created to an object that is freed before use. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-399: Resource Management Errors •
CVE-2013-0966
https://notcve.org/view.php?id=CVE-2013-0966
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. El módulo mod_hfs_apple de Apple para el Servidor Apache HTTP en Apple Mac OS X anterior a v10.8.3 no controla correctamente caracteres Unicode, lo que permite a atacantes remotos eludir requisitos de autenticación de directorio a través de una ruta diseñada en un URI. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •
CVE-2013-0973
https://notcve.org/view.php?id=CVE-2013-0973
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. Software Update en Apple Mac OS X hasta v10.7.5 no impide que la carga de complementos en el marketing-text WebView, permitiendo que atacantes de hombre en medio (man-in-the-middle) ejecuten código del plugin mediante la modificación del flujo de datos cliente-servidor. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •