CVSS: 5.5EPSS: 1%CPEs: 30EXPL: 2CVE-2016-1833 – libxml2: Heap-based buffer overread in htmlCurrentChar
https://notcve.org/view.php?id=CVE-2016-1833
17 May 2016 — The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función htmlCurrentChar en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a ... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 4%CPEs: 30EXPL: 1CVE-2016-1834 – libxml2: Heap-buffer-overflow in xmlStrncat
https://notcve.org/view.php?id=CVE-2016-1834
17 May 2016 — Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Desbordamiento de buffer basado en memoria dinámica en la función xmlStrncat en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones ante... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 12%CPEs: 30EXPL: 3CVE-2016-1838 – libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread
https://notcve.org/view.php?id=CVE-2016-1838
17 May 2016 — The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlPArserPrintFileContextInternal en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 ... • https://www.exploit-db.com/exploits/39493 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 10%CPEs: 30EXPL: 2CVE-2016-1839 – libxml2 - xmlDictAddString Heap Buffer Overread
https://notcve.org/view.php?id=CVE-2016-1839
17 May 2016 — The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlDictAddString en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores ... • https://www.exploit-db.com/exploits/39491 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 30EXPL: 1CVE-2016-1837 – libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
https://notcve.org/view.php?id=CVE-2016-1837
17 May 2016 — Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Múltiples vulnerabilidades de uso después de liberación de memoria en las funciones (1) htmlPArsePubidLiteral y (2) htmlParseSystemiteral en libxml2 en versiones anteriores a 2.9.4, como se uti... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 1%CPEs: 30EXPL: 0CVE-2016-1836 – libxml2: Heap use-after-free in xmlDictComputeFastKey
https://notcve.org/view.php?id=CVE-2016-1836
17 May 2016 — Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Vulnerabilidad de uso después de liberación de memoria en la función xmlDictComputeFastKey en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, t... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 12%CPEs: 31EXPL: 1CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
22 Mar 2016 — The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlNextChar en libxml2 en versiones anteriores a 2.9.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6547
https://notcve.org/view.php?id=CVE-2015-6547
20 Sep 2015 — The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. Vulnerabilidad en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar comandos arbitrarios en tiempo de arranque a través de vectores no especificados. • http://www.securityfocus.com/bid/76730 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6548
https://notcve.org/view.php?id=CVE-2015-6548
20 Sep 2015 — Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL múltiple en el script PHP en la consola de gestión en Symantec Web Gateway (SWG) en aparatos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar comandos SQL arbitrario... • http://www.securityfocus.com/bid/76729 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5690 – Symantec Web Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5690
16 Sep 2015 — The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." Vulnerabilidad en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y ejecutar comandos arbitarios mediante el ... • http://www.securityfocus.com/bid/76725 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •