Page 243 of 2946 results (0.008 seconds)

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2

CVE-2016-1819 – Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2

https://notcve.org/view.php?id=CVE-2016-1819

Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. Vulnerabilidad de uso después de liberación de memoria en el método IOAccelContext2::clientMemoryForType en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1817 y CVE-2016-1818. The OS X kernel suffers from a use-after-free vulnerability due to bad locking in IOAcceleratorFamily2. • https://www.exploit-db.com/exploits/39928 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137396/OS-X-Kernel-Use-After-Free-From-IOAcceleratorFamily2-Bad-Locking.html http://www.securityfocus.com/bid/90694 http://www • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2

CVE-2016-1823 – Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type

https://notcve.org/view.php?id=CVE-2016-1823

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824. La función IOHIDDevice::handleReportWithTime en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (lectura fuera de rango y corrupción de memoria) a través de una enumeración IOHIDReportType manipulada, lo que desencadena una proyección incorrecta, una vulnerabilidad diferente a CVE-2016-1824. • https://www.exploit-db.com/exploits/39927 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137397/OS-X-Kernel-Raw-Cast-Out-Of-Bounds-Read.html http://www.securityfocus.com/bid/90698 http://www.securitytracker.com& • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 1%CPEs: 30EXPL: 0

CVE-2016-1836 – libxml2: Heap use-after-free in xmlDictComputeFastKey

https://notcve.org/view.php?id=CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Vulnerabilidad de uso después de liberación de memoria en la función xmlDictComputeFastKey en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May • CWE-416: Use After Free •

CVSS: 7.5EPSS: 8%CPEs: 61EXPL: 0

CVE-2016-2105 – openssl: EVP_EncodeUpdate overflow

https://notcve.org/view.php?id=CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una gran cantidad de datos binarios. An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 4%CPEs: 76EXPL: 1

CVE-2016-4073 – php: mb_strcut() Negative size parameter in memcpy

https://notcve.org/view.php?id=CVE-2016-4073

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. Múltiples desbordamientos de entero en la función mbfl_strcut en ext/mbstreng/libmbfl/mbfl/mbfilter.c en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5.6.20 y 7.x en versiones anteriores a 7.0.5 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una llamada mb_strcut manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3560 http://www.openwall.com/lists/oss-security/2016/04/24/1 http://www.php.net/ChangeLog-5.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •