Download
| Alert*
|
CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. CVE-2014-3618 Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." CVE-2014-6277 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted envir ... CVE-2014-8611 The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application ... CVE-2014-9425 Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2014-7186 The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. CVE-2014-7187 Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. CVE-2014-8147 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service ... CVE-2014-8090 The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nes ... CVE-2014-8080 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. CVE-2013-3951 sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guar ... CVE-2015-1855 verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) ca ... CVE-2015-1352 The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. CVE-2015-5896 The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903. CVE-2015-5897 The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. CVE-2015-5899 libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. CVE-2015-5890 IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. CVE-2015-5891 The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. CVE-2015-5893 SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. CVE-2015-5894 The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica ... CVE-2015-5522 Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. CVE-2015-5885 The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. CVE-2015-5523 The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. CVE-2015-5887 The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. CVE-2015-5888 The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. CVE-2015-5922 Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. CVE-2015-5881 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7760, CVE-2015-7761. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-7760 and CVE-2015-7761 to identify the ID or IDs of interest. All references an ... CVE-2015-5882 The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges. CVE-2015-5883 The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. CVE-2015-5884 The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. CVE-2015-5830 The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. CVE-2015-5831 NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. CVE-2015-5833 The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. CVE-2015-5836 Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. CVE-2015-5839 dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. CVE-2015-5824 The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. CVE-2015-5853 AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. CVE-2015-5854 The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. CVE-2015-5855 Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. CVE-2015-5858 The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. CVE-2015-5851 The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. CVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute ... CVE-2015-5841 The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. CVE-2015-5842 XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. CVE-2015-5847 The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. CVE-2015-5849 The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. CVE-2015-3785 The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. CVE-2015-5840 The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. CVE-2015-5875 Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. CVE-2015-5876 dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. CVE-2015-5877 The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. CVE-2015-5878 Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. CVE-2015-5879 XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. CVE-2015-5912 The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. CVE-2015-5913 Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. CVE-2015-5914 The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fi ... CVE-2015-5915 Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. CVE-2015-5917 The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring ... CVE-2015-5870 The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. CVE-2015-5871 IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. CVE-2015-5872 IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. CVE-2015-5873 IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. CVE-2015-5863 IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. CVE-2015-5864 IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. CVE-2015-5865 IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. CVE-2015-5866 IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. CVE-2015-5867 IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. CVE-2015-5900 The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. CVE-2015-5868 The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903. CVE-2015-5901 The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. CVE-2015-5869 The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. CVE-2015-5902 The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. CVE-2015-5903 The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. CVE-2015-5860 The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. CVE-2015-5862 The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. CVE-2015-5889 rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. CVE-2015-3416 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified ... CVE-2014-8146 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (hea ... CVE-2015-5874 CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. CVE-2014-9709 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. CVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. CVE-2014-9427 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, whi ... CVE-2014-9652 The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta ... CVE-2015-0235 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." CVE-2015-0231 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numeri ... CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. CVE-2015-1351 Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2015-0286 The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash ... CVE-2015-0287 The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corr ... CVE-2015-0273 Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_t ... CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a ... CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an _ ... CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of ... CVE-2015-2783 ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data i ... CVE-2015-3415 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHEC ... CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated ... CVE-2015-2348 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected ... CVE-2015-3330 The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP ... CVE-2015-3329 Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. |
