CVE-2017-5545
https://notcve.org/view.php?id=CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
• http://www.securityfocus.com/bid/95702
• https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee
• https://github.com/libimobiledevice/libplist/issues/87
• https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
• CWE-125: Out-of-bounds Read
CVE-2017-5209
https://notcve.org/view.php?id=CVE-2017-5209
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
• http://www.securityfocus.com/bid/95385
• https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
• https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
• CWE-125: Out-of-bounds Read
CVE-2016-5104
https://notcve.org/view.php?id=CVE-2016-5104
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html
• http://www.openwall.com/lists/oss-security/2016/05/26/1
• http://www.openwall.com/lists/oss-security/2016/05/26/6
• http://www.ubuntu.com/usn/USN-3026-1
• http://www.ubuntu.com/usn/USN-3026-2
• https://bugzilla.redhat.com/show_bug.cgi?id=1339988
• https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
• https:
• CWE-284: Improper Access Control
CVE-2013-2142
https://notcve.org/view.php?id=CVE-2013-2142
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.
• http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
• http://www.openwall.com/lists/oss-security/2013/06/04/11
• http://www.ubuntu.com/usn/USN-1927-1
• https://bugs.launchpad.net/ubuntu/%2Bsource/libimobiledevice/%2Bbug/1164263
• CWE-59: Improper Link Resolution Before File Access ('Link Following')