CVSS: 7.5EPSS: 81%CPEs: 10EXPL: 0CVE-2016-0742 – nginx: invalid pointer dereference in resolver
https://notcve.org/view.php?id=CVE-2016-0742
10 Feb 2016 — The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx ... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 11%CPEs: 9EXPL: 0CVE-2016-0746 – nginx: use-after-free during CNAME response processing in resolver
https://notcve.org/view.php?id=CVE-2016-0746
10 Feb 2016 — Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Vulnerabilidad de uso de memoria previamente liberada en la resolución en nginx, de la versión 0.6.18 hasta la 1.8.0 y versiones 1.9.x anteriores a la 1.9.10, permite que atacantes remotos provoquen una denegación de servicio (cie... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 27%CPEs: 10EXPL: 0CVE-2016-0747 – nginx: Insufficient limits of CNAME resolution in resolver
https://notcve.org/view.php?id=CVE-2016-0747
10 Feb 2016 — The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 no limita correctamente la resolución CNAME, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos por el proceso tr... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7049 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7049
10 Dec 2015 — otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7057. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7056 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7056
10 Dec 2015 — IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. IDE SCM en Apple Xcode en versiones anteriores a 7.2 no reconoce los archivos .gitignore, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando la presencia de un archivo que coincide con un patrón a ignorar. Xcode 7.2 is now ava... • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7057 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7057
10 Dec 2015 — otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7049. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7030 – Apple Security Advisory 2015-10-21-7
https://notcve.org/view.php?id=CVE-2015-7030
21 Oct 2015 — The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. La implementación de Swift en Apple Xcode en versiones anteriores a 7.1 no maneja correctamente la conversión de tipo, lo que tiene un impacto y vectores no especificados. Xcode 7.1 is now available and addresses a type conversion issue. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00008.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 25%CPEs: 46EXPL: 0CVE-2015-3184 – subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3184
12 Aug 2015 — mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a t... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
12 Aug 2015 — The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios rem... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 24%CPEs: 18EXPL: 0CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
https://notcve.org/view.php?id=CVE-2015-3185
20 Jul 2015 — The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en s... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •