Red Hat Security Advisory 2015-0863-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.
3fda2d2de3dbc012f471e38333e69c22019fc8670e36541d0d45378234b7d9c9
Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.
8b8206b45dab552c0adf67970b3e4fcfdbb4fc7e2eb2c3e21b6e0df9e621e2d3
Cisco Security Advisory - A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface (BVI) when any of the following features are configured: Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface. A successful exploit could allow the attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds to address this vulnerability.
410793f468915a72f1daf1e5dc382917bf041ac8801144663e6dce5cc384f294
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
d8e296cc09908f7df9970ac6f701191bf7ccdff628d95194196a58689f8186be
This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root.
6e27a1e1f2bcf759b740ad9887024027c9c87f0045ced259f32d35e3a7522fe1
Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cd
Mac OS X rootpipe local proof of concept privilege escalation exploit.
146b64bdac5816f848302abe5d0ad8a8ac00a1ef2eb064fcfcdd3a63453c2ee0
Cisco Security Advisory - Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contain denial of service and remote code execution vulnerabilities. Cisco has released free software updates that address these vulnerabilities.
e3904c4c544c8a55fe7a08d4189f9cb4bc54ecf9fad8f768b78e40310bf563a3
Cisco Security Advisory - The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Cisco has released free software updates that address these vulnerabilities.
9d4b5a2a4174e548dd6478d7db85d0f287c344d501273c6636c09095f01bf7c2
Cisco Security Advisory - Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can be triggered only by sending malformed IKEv2 packets. There are no workarounds for the vulnerabilities described in this advisory. Cisco has released free software updates that address these vulnerabilities.
0e99f457a00039ffb941af93c3f394d33f295fcda8ea2b1eaf6b2ff6710ee30f
Cisco Security Advisory - A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.
b7dd6a8f566bf357465462871ebb14bc469a2c42c8e0e58ef0b8691f1ea33244
Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is a xnu local privilege escalation via IOHIDSecurePromptClient injectStringGated heap overflow exploit.
8b0545d79dddb6edb3e4b16cb96f955ce9377484475055942b60c012d1d98d58
Red Hat Security Advisory 2015-0327-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the files back end of Name Service Switch did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.
4a16c6ab2c6c11d8d47f0d52c425c5e09912802eec21306db67227f5c23219c6
Cisco Security Advisory - A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability.
f9aa7d30c2de2cac2c6146829a9ee7f577afc484369915793565a06538f4f0c5
A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine.
12bedb80e935c14c525f7aca1139b70f471d66838a84cc908b3de4717f0877b1
Red Hat Security Advisory 2015-0101-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
74405882e85d1ed82abffab2b60dc45d12f3952a92ab2a5fd816bee6b62ea845
Red Hat Security Advisory 2015-0099-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
07ae3d608c7bc928e164c5f0edd07d9fed0b40c519ef06bfed163e6e7f1b23fa
Apple Security Advisory 2015-01-27-4 - OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.
434e3bbf065d6ff22de4e7b85d71ce11a7811880de29f04e6a58af05a3e46a97
Red Hat Security Advisory 2015-0092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
620c64a2aa97609a8171e047e7c827ed68c38df906fd7ea24237c738885f5d14
Red Hat Security Advisory 2015-0090-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
344c688ffb8ddd28041911af7b947b4637ab2b0d272cf93ad900b34861ef6a7c
OS X 10.9.5 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.
4eb96b629d8eab7927b29a5ec7a9f92753cd3f849943a9328dda80e152688d6a
OS X 10.10 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.
57e374097b155cf315fefccfe8009fda73846c7ab656b687d836fb54d450f253
OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.
26000ca21e50478d63a5ca817398f053658a3693b62adac8eb4a3b8c6669b930
OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.
8c9dfd0cb0115429d6229b818d3e69f753cdd59dc26b6381a12ffcbf5264ccda
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.
a50ca06a0203967966d658916c7f43401c0a173e68ebcbb744f3d6d302b27721