CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4694
https://notcve.org/view.php?id=CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la sección 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podría permitir a atacantes remotos redireccionar el tráfico HTTP fuera de rango de una aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, problema también conocido como "httpoxy", un problema relacionado con CVE-2016-5387. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html http://www.securityfocus.com/bid/93060 http://www.securitytracker.com/id/1036853 https://support.apple.com/HT207170 https://support.apple.com/HT207171 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la función range-to XPointer. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/m • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4129 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4129
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4154 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4154
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4125 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4125
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-787: Out-of-bounds Write •