Page 436 of 2179 results (0.009 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4749

https://notcve.org/view.php?id=CVE-2016-4749

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. Printing UIKit en Apple iOS en versiones anteriores a 10 no maneja adecuadamente variables de entorno, lo que permite a usuarios locales descubrir la vista previa del contenido AirPrint en texto plano mediante la lectura de un archivo temporal. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 43%CPEs: 2EXPL: 1

CVE-2016-4655 – Apple iOS Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-4655

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes obtener información sensible de la memoria a través de una aplicación manipulada. The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. • https://www.exploit-db.com/exploits/44836 http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00005.html http://www.securityfocus.com/bid/92651 http://www.securityfocus.com/bid/92965 http://www.securitytracker.com/id/1036694 https://blog.lookout.com/blog/2016/08/25/trident-pegasus https://support.apple.com/HT207107 https://support.apple.com/HT207145 https://blog.lookout.com/trident-pegasus https& •

CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0

CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to

https://notcve.org/view.php?id=CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la función range-to XPointer. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/m • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 1

CVE-2013-0340

https://notcve.org/view.php?id=CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. expat 2.1.0 y anteriores no maneja adecuadamente entidades de expansión a menos que un desarrollador de aplicaciones use la función XML_SetEntityDeclHandler, esto permite a atacantes remotos provocar una denegación de servicio (consumo de recursos), enviar peticiones HTTP a los servidores de la intranet, o leer archivos arbitrarios a través de un documento XML manipulado, también conocido como problema XML External Entity (XXE) NOTA: se podría argumentar que debido a que expat ya ofrece la posibilidad de desactivar la expansión entidad externa, la responsabilidad de la solución de este problema se encuentra con los desarrolladores de aplicaciones, de acuerdo con este argumento, esta entrada debe ser rechazada, y cada aplicación afectada tendría su propio CVE . • http://openwall.com/lists/oss-security/2013/02/22/3 http://seclists.org/fulldisclosure/2021/Oct/61 http://seclists.org/fulldisclosure/2021/Oct/62 http://seclists.org/fulldisclosure/2021/Oct/63 http://seclists.org/fulldisclosure/2021/Sep/33 http://seclists.org/fulldisclosure/2021/Sep/34 http://seclists.org/fulldisclosure/2021/Sep/35 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep • CWE-611: Improper Restriction of XML External Entity Reference •