Page 26 of 700 results (0.026 seconds)

CVSS: 9.1EPSS: 2%CPEs: 3EXPL: 0

CVE-2015-8869 – ocaml: sizes arguments are sign-extended from 32 to 64 bits

https://notcve.org/view.php?id=CVE-2015-8869

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. OCaml en versiones anteriores a 4.03.0 no maneja correctamente extensiones de firma, lo que permite a atacantes remotos llevar a cabo ataques de desbordamiento de buffer u obtener información sensible según lo demostrado por una cadena larga para la función String.copy. An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184507.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00081.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00037.html http://rhn.redhat.com/errata/RHSA-2016-2576.html http://rhn.redhat.com/errata/RHSA-2017-0564.html http://rhn.redhat.com/errata/RHSA-2017-0565.html http://www.openwall.com/lists/oss-security/2016/04/29/1 http://www.openwall.com/lists/oss-security/2016/04/29/6 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0

CVE-2016-4414

https://notcve.org/view.php?id=CVE-2016-4414

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. La función onReadyRead en core/coreauthhandler.cpp en Quassel en versiones anteriores a 0.12.4 permite a atacantes remotos provocar una caída de servicio (referencia a un puntero NULL y caída) a través de una información handshake no válida. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html http://quassel-irc.org/node/129 http://www.openwall.com/lists/oss-security/2016/04/30/2 http://www.openwall.com/lists/oss-security/2016/04/30/4 https://github.com/quassel/quassel/com •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-5104

https://notcve.org/view.php?id=CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. La función socket_create en common/socket.c en libimobiledevice y libusbmuxd permite a atacantes remotos eludir las restricciones destinadas al acceso y comunicarse con servicios en dispositivos de iOS conectándose a un socket IPv4 TCP. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html http://www.openwall.com/lists/oss-security/2016/05/26/1 http://www.openwall.com/lists/oss-security/2016/05/26/6 http://www.ubuntu.com/usn/USN-3026-1 http://www.ubuntu.com/usn/USN-3026-2 https://bugzilla.redhat.com/show_bug.cgi?id=1339988 https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e https: • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2016-2824

https://notcve.org/view.php?id=CVE-2016-2824

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array. La clase TSymbolTableLevel en ANGLE, tal como se utiliza en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 en Windows, permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de aplicación) o posiblemente tener otro impacto no especificado desencadenando el uso de un shader WebGL que escribe en un array. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.mozilla.org/security/announce/2016/mfsa2016-53.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 https://bugzilla.mozilla.org/show_bug.cgi?id=1248580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

CVE-2016-3706

https://notcve.org/view.php?id=CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. Desbordamiento del buffer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (también conocida como glibc o libc6) permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con la conversión hostent. NOTA: esta vulnerabilidad existe debido a una reparación incompleta de CVE-2013-4458. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.securityfocus.com/bid/102073 http://www.securityfocus.com/bid/88440 https://source.android.com/security/bulletin/2017-12-01 https://sourceware.org/bugzilla/show_bug.cgi?id=20010 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 • CWE-20: Improper Input Validation •