
CVSS: 9.8 • EPSS: 0% • CPEs: 26 • EXPL: 0

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.

• http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html
• http://www.mozilla.org/security/announce/2016/mfsa2016-41.html
• http://www.securitytracker.com/id/1035692
• https://bugzilla.mozilla.org/show_bug.cgi?id=1229681
• https://security.gentoo.org/glsa/201701-15

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.

• http://dl.acm.org/citation.cfm?id=2714650
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html
• http://www.mozilla.org/security/announce/2016/mfsa2016-43.html
• http://www.securitytracker.com/id/1035692
• https://bugzilla.mozilla.org/show_bug.cgi?id=1197901
• https://security.gentoo.org/glsa/201701-15

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.8 • EPSS: 2% • CPEs: 2 • EXPL: 0

The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.

• http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html
• http://www.mozilla.org/security/announce/2016/mfsa2016-40.html
• http://www.securitytracker.com/id/1035692
• https://bugzilla.mozilla.org/show_bug.cgi?id=1212939
• https://security.gentoo.org/glsa/201701-15

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.

• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html
• http://www.mozilla.org/security/announce/2016/mfsa2016-46.html
• http://www.securitytracker.com/id/1035692
• http://www.ubuntu.com/usn/USN-2936-1
• http://www.ubuntu.com/usn/USN-2936-2
• http://www.ubuntu.com/usn/USN-2936-3
• https://bugzilla.mozilla.org/show_bug.cgi?id=1227462
• https://security.gentoo.org/glsa/201701-15

• CWE-264: Permissions, Privileges, and Access Controls