CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 3CVE-2016-1838 – libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread
https://notcve.org/view.php?id=CVE-2016-1838
17 May 2016 — The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlPArserPrintFileContextInternal en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 ... • https://www.exploit-db.com/exploits/39493 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 2CVE-2016-1839 – libxml2 - xmlDictAddString Heap Buffer Overread
https://notcve.org/view.php?id=CVE-2016-1839
17 May 2016 — The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlDictAddString en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores ... • https://www.exploit-db.com/exploits/39491 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2016-1840 – libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
https://notcve.org/view.php?id=CVE-2016-1840
17 May 2016 — Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Desbordamiento del buffer basado en memoria dinámica en la función xmlFAParsePosCharGroup en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 13%CPEs: 61EXPL: 0CVE-2016-2105 – openssl: EVP_EncodeUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2105
03 May 2016 — Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 1%CPEs: 31EXPL: 1CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
22 Mar 2016 — The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlNextChar en libxml2 en versiones anteriores a 2.9.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1774 – Apple Security Advisory 2016-03-21-7
https://notcve.org/view.php?id=CVE-2016-1774
22 Mar 2016 — The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. El servidor Time Machine en Server App en Apple OS X Server en versiones anteriores a 5.1 no notifica al usuario sobre los permisos ignorados durante la realización de una copia de seguridad, lo que facilita a a... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1776 – Apple Security Advisory 2016-03-21-7
https://notcve.org/view.php?id=CVE-2016-1776
22 Mar 2016 — Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. Web Server en Apple OS X Server en versiones anteriores a 5.1 no restringe correctamente el acceso a archivos .DS_Store y .htaccess, lo que permite a atacantes remotos obtener información de configuración sensible a través de una petición HTTP. OS X Server 5.1 is now available and addresses RC4 crypto w... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1777 – Apple Security Advisory 2018-10-30-11
https://notcve.org/view.php?id=CVE-2016-1777
22 Mar 2016 — Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Web Server en Apple OS X Server en versiones anteriores a 5.1 soporta el algoritmo RC4, lo que facilita a atacantes remotos vencer los mecanismos de protección criptográfica a través de vectores no especificados. APPLE-SA-2018-9-24-4 provides additional information for APPLE-SA-2018-9-17-1. iOS 12 is now available and address... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1787 – Apple Security Advisory 2016-03-21-7
https://notcve.org/view.php?id=CVE-2016-1787
22 Mar 2016 — Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. Wiki Server en Apple OS X Server en versiones anteriores a 5.1 permite a atacantes remotos obtener información sensible de páginas Wiki a través de vectores no especificados. OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
https://notcve.org/view.php?id=CVE-2016-1950
09 Mar 2016 — Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. El desbordamiento de buffer basado en memoria dinámica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •