Page 217 of 2653 results (0.009 seconds)

CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0

CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to

https://notcve.org/view.php?id=CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la función range-to XPointer. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/m • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4649

https://notcve.org/view.php?id=CVE-2016-4649

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-476: NULL Pointer Dereference •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4645

https://notcve.org/view.php?id=CVE-2016-4645

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. CFNetwok en Apple OS X en versiones anteriores a 10.11.6 utiliza permisos débiles para cookies de navegador web, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2016-4625 – Apple macOS 10.12 - 'task_t' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-4625

Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Vulnerabilidad de uso después de liberación de memoria en IOSurface en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios a través vectores no especificados. Mac OS X and iOS kernels suffer from a use-after-free vulnerability in IOSurface. • https://www.exploit-db.com/exploits/40669 https://www.exploit-db.com/exploits/40653 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4640 – Apple OS X WindowServer _XRegisterCursorWithData Memory Corruption Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2016-4640

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. Login Window en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes ejecutar código arbitrario en un contexto privilegiado, obtener información sensible de usuario, o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a memory corruption condition. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-435 https://support.apple.com/HT206903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •