Page 213 of 1538 results (0.015 seconds)

CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2016-4658 – libxml2: Use after free via namespace node in XPointer ranges

https://notcve.org/view.php?id=CVE-2016-4658

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. xpointer.c en libxml2, en versiones anteriores a la 2.9.5 (tal y como se usa en Apple iOS en versiones anteriores a la 10, OS X en versiones anteriores a la 10.12, tvOS en versiones anteriores a la 10 y watchOS en versiones anteriores a la 3 y otros productos) no prohíbe los nodos de espacio de nombre en los rangos XPointer. Esto permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) mediante un documento XML manipulado. A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 http://www.securitytracker.com/id/1038623 https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-4738

https://notcve.org/view.php?id=CVE-2016-4738

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. libxslt en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.debian.org/security/2016/dsa-3709 http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-4776

https://notcve.org/view.php?id=CVE-2016-4776

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes obtener información de estructura de memoria o provocar una denegación de servicio (lectura fuera de límites) a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2016-4773 y CVE-2016-4774. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-125: Out-of-bounds Read •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-4778

https://notcve.org/view.php?id=CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0

CVE-2016-4725

https://notcve.org/view.php?id=CVE-2016-4725

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •