CVSS: 9.3EPSS: 0%CPEs: 30EXPL: 1CVE-2016-1834 – libxml2: Heap-buffer-overflow in xmlStrncat
https://notcve.org/view.php?id=CVE-2016-1834
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Desbordamiento de buffer basado en memoria dinámica en la función xmlStrncat en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 1CVE-2016-1837 – libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
https://notcve.org/view.php?id=CVE-2016-1837
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Múltiples vulnerabilidades de uso después de liberación de memoria en las funciones (1) htmlPArsePubidLiteral y (2) htmlParseSystemiteral en libxml2 en versiones anteriores a 2.9.4, como se utilizan en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permiten a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 31EXPL: 1CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlNextChar en libxml2 en versiones anteriores a 2.9.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6064
https://notcve.org/view.php?id=CVE-2014-6064
The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. La pestaña Accounts en la interfaz de usuario de administración en McAfee Web Gateway (MWG) anterior a 7.3.2.9 y 7.4.x anterior a 7.4.2 permite a usuarios remotos autenticados obtener las contraseñas de usuarios en hash a través de vectores no especificados. • http://www.securitytracker.com/id/1030675 https://exchange.xforce.ibmcloud.com/vulnerabilities/95690 https://kc.mcafee.com/corporate/index?page=content&id=SB10080 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2535
https://notcve.org/view.php?id=CVE-2014-2535
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. Vulnerabilidad de salto de directorio en McAfee Web Gateway (MWG) 7.4.x anterior a 7.4.1, 7.3.x anterior a 7.3.2.6 y 7.2.0.9 y anteriores permite a usuarios remotos autenticados leer archivos arbitrarios a través de una solicitud manipulada hacia el puerto de filtrado web. • http://secunia.com/advisories/56958 http://www.securityfocus.com/bid/66193 https://exchange.xforce.ibmcloud.com/vulnerabilities/91772 https://kc.mcafee.com/corporate/index?page=content&id=SB10063 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •