Page 247 of 1538 results (0.013 seconds)

CVSS: 8.8EPSS: 1%CPEs: 33EXPL: 0

CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)

https://notcve.org/view.php?id=CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. El desbordamiento de buffer basado en memoria dinámica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permiten a atacantes remotos ejecutar código arbitrario a través de datos ASN.1 manipulados en un certificado X.509." A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 3

CVE-2016-0801 – Google Android Broadcom Wi-Fi Driver - Memory Corruption

https://notcve.org/view.php?id=CVE-2016-0801

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. El controlador Broadcom Wi-Fi en el kernel en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores a 2016-02-01 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un paquete de mensajes de control inalámbricos manipulado, también conocido como error interno 25662029. • https://www.exploit-db.com/exploits/39801 https://github.com/abdsec/CVE-2016-0801 https://github.com/zsaurus/CVE-2016-0801-test http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://source.android.com/security/bulletin/2016-02-01.html http • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

CVE-2016-0802

https://notcve.org/view.php?id=CVE-2016-0802

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181. El controlador Broadcom Wi-Fi en el kernel en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores a 2016-02-01 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un paquete de mensajes de control inalámbricos manipulado, también conocido como error interno 25306181. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://source.android.com/security/bulletin/2016-02-01.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt http://www.securitytracker.com/id/1035353 https://support.apple.com/HT2061 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1716

https://notcve.org/view.php?id=CVE-2016-1716

AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. AppleGraphicsPowerManagement en Apple OS X en versiones anteriores a 10.11.3 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html http://www.securitytracker.com/id/1034736 https://support.apple.com/HT205731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1718 – Apple OS X IOAcceleratorFamily2 Out-Of-Bounds Indexing Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2016-1718

The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. La interfaz IOAcceleratorFamily2 en IOAcceleratorFamily en Apple OS X en versiones anteriores a 10.11.3 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOAcceleratorFamily2 interface. The issue lies in the failure to properly test a user-supplied index to ensure it is within the bounds of an array. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html http://www.securitytracker.com/id/1034736 http://zerodayinitiative.com/advisories/ZDI-16-020 https://support.apple.com/HT205731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •