Page 92 of 1121 results (0.015 seconds)

CVSS: 9.6EPSS: 0%CPEs: 13EXPL: 1

CVE-2015-8866 – php: libxml_disable_entity_loader setting is shared between threads

https://notcve.org/view.php?id=CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. ext/libxml/libxml.c en PHP en versiones anteriores a 5.5.22 y 5.6.x en versiones anteriores a 5.6.6, cuando se utiliza PHP-FPM, no aisla cada hilo de cambios libxml_disable_entity_loader en otros hilos, lo que permite a atacantes remotos llevar a cabo ataques XML External Entity (XXE) y XML Entity Expansion (XEE) a través de un documento XML manipulado, un problema relacionado con la CVE-2015-5161. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/24/1 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/ • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-8867 – php: openssl_random_pseudo_bytes() is not cryptographically secure

https://notcve.org/view.php?id=CVE-2015-8867

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. La función openssl_random_pseudo_bytes en ext/openssl/openssl.c en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 se basa incorrectamente en la función en desuso RAND_pseudo_bytes, lo que hace que sea más fácil para los atacantes remotos vencer a los mecanismos de protección de cifrado a través de vectores no especificados. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=16023f3e3b9c06cf677c3c980e8d574e4c162827 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/24/1 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7 • CWE-310: Cryptographic Issues •

CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-4439

https://notcve.org/view.php?id=CVE-2016-4439

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. La función esp_reg_write en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente el comando de longitud del buffer, lo que permite a los administradores de SO invitados locales provocar una denegación del servicio (escritura fuera de rango y caída del proceso QEMU) o potencialmente ejecutar código arbitrario en el anfitrión QEMU a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/05/19/3 http://www.securityfocus.com/bid/90760 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1337502 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html https://security.gentoo.org/glsa/201609-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-4441

https://notcve.org/view.php?id=CVE-2016-4441

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. La función get_cmd en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente la extensión DMA, lo que permite a administradores locales invitados del sistema operativo provocar una denegación del servicio (escritura fuera de rango y caída del proceso QEMU) a través de vectores no especificados, involucrando un comando SCSI. • http://www.openwall.com/lists/oss-security/2016/05/19/4 http://www.securityfocus.com/bid/90762 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1337505 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html https://security.gentoo.org/glsa/201609-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2016-0718 – expat: Out-of-bounds heap read on crafted input causing crash

https://notcve.org/view.php?id=CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento de entrada mal formado, lo que desencadena un desbordamiento de buffer. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •