Page 267 of 2946 results (0.018 seconds)

CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0

CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

https://notcve.org/view.php?id=CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en versiones anteriores a 1.0.64, 1.1.x y 1.2.x en versiones anteriores a 1.2.54, 1.3.x y 1.4.x en versiones anteriores a 1.4.17, 1.5.x en versiones anteriores a 1.5.24 y 1.6.x en versiones anteriores a 1.6.19 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de un valor bit-depth pequeño en un fragmento IHDR (también conocido como image header) en una imagen PNG. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html http://lists.fedoraproject.org/pipermail • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 4%CPEs: 16EXPL: 0

CVE-2015-7804 – php: uninitialized pointer in phar_make_dirstream()

https://notcve.org/view.php?id=CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. Error por un paso en la función phar_parse_zipfile en ext/phar/zip.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a un puntero no inicializado y caída de aplicación) incluyendo el nombre de archivo / en un archivo PHAR .zip. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1ddf72180a52d247db88ea42a3e35f824a8fbda1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76959 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=sla • CWE-189: Numeric Errors CWE-822: Untrusted Pointer Dereference •

CVSS: 6.8EPSS: 6%CPEs: 15EXPL: 0

CVE-2015-7803 – php: NULL pointer dereference in phar_get_fp_offset()

https://notcve.org/view.php?id=CVE-2015-7803

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. La función phar_get_entry_data en ext/phar/util.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un archivo .phar con una entrada de archivo TAR manipulada en la cual el indicador Link referencia a un archivo que no existe. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d698f0ae51f67c9cce870b09c59df3d6ba959244 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net& • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6985

https://notcve.org/view.php?id=CVE-2015-6985

Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una página web manipulada. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-7023

https://notcve.org/view.php?id=CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no considera adecuadamente la distinción de mayúsculas frente a minúsculas durante el análisis de cookie, lo que permite a servidores web remotos sobrescribir cookies a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://www.securityfocus.com/bid/77263 http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205375 • CWE-17: DEPRECATED: Code •