CVSS: 7.5EPSS: 56%CPEs: 10EXPL: 0CVE-2016-0742 – nginx: invalid pointer dereference in resolver
https://notcve.org/view.php?id=CVE-2016-0742
10 Feb 2016 — The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx ... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2016-0746 – nginx: use-after-free during CNAME response processing in resolver
https://notcve.org/view.php?id=CVE-2016-0746
10 Feb 2016 — Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Vulnerabilidad de uso de memoria previamente liberada en la resolución en nginx, de la versión 0.6.18 hasta la 1.8.0 y versiones 1.9.x anteriores a la 1.9.10, permite que atacantes remotos provoquen una denegación de servicio (cie... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 1%CPEs: 10EXPL: 0CVE-2016-0747 – nginx: Insufficient limits of CNAME resolution in resolver
https://notcve.org/view.php?id=CVE-2016-0747
10 Feb 2016 — The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 no limita correctamente la resolución CNAME, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos por el proceso tr... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7049 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7049
10 Dec 2015 — otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7057. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7056 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7056
10 Dec 2015 — IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. IDE SCM en Apple Xcode en versiones anteriores a 7.2 no reconoce los archivos .gitignore, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando la presencia de un archivo que coincide con un patrón a ignorar. Xcode 7.2 is now ava... • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7057 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7057
10 Dec 2015 — otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7049. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7030 – Apple Security Advisory 2015-10-21-7
https://notcve.org/view.php?id=CVE-2015-7030
21 Oct 2015 — The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. La implementación de Swift en Apple Xcode en versiones anteriores a 7.1 no maneja correctamente la conversión de tipo, lo que tiene un impacto y vectores no especificados. Xcode 7.1 is now available and addresses a type conversion issue. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00008.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5909 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2015-5909
18 Sep 2015 — IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. Vulnerabilidad en IDE Xcode Server en Apple Xcode en versiones anteriores a 7.0, no restringe adecuadamente el acceso al repositorio de las listas de correo electrónico, lo que permite a atacantes remotos obtener información potencialmente sensible ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5910 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2015-5910
18 Sep 2015 — IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. Vulnerabilidad en IDE Xcode Server en Apple Xcode en versiones anteriores a 7.0, no asegura que el tráfico del servidor esté cifrado, lo que permite a atacantes remotos obtener información sensible husmeando la red. Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2015-3184 – subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3184
12 Aug 2015 — mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a t... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •