Page 96 of 1430 results (0.009 seconds)

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

CVE-2016-4356

https://notcve.org/view.php?id=CVE-2016-4356

The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. La función append_utf8_value en el decodificador DN (dn.c) en Libksba en versiones anteriores a 1.3.3 permite a atacantes remotos provocar una caída de servicio (lectura fuera de rango) borrando el bit del byte después de datos codificados UTF-8 no válidos. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.openwall.com/lists/oss-security/2016/05/10/3 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

CVE-2016-4579

https://notcve.org/view.php?id=CVE-2016-4579

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." Libksba en versiones anteriores a 1.3.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y caída) a través de vectores no especificados, relacionado "longitud devuelta del objeto de _ksba_ber_parse_tl". • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64 http://lists.opensuse.org/opensuse-updates/2016-06/msg00028.html http://www.openwall.com/lists/oss-security/2016/05/10/8 http://www.openwall.com/lists/oss-security/2016/05/11/10 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201706-22 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2016-4354

https://notcve.org/view.php?id=CVE-2016-4354

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. ber-decoder.c en Libksba en versiones anteriores a 1.3.3 usa un tipo de información integrada incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una información BER manipulada, lo que conduce a un desbordamiento del buffer. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0

CVE-2016-1835 – libxml2: Heap use-after-free in xmlSAX2AttributeNs

https://notcve.org/view.php?id=CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. Vulnerabilidad de uso después de liberación de memoria en la función xmlSAX2AttributeNs en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2 y OS X en versiones anteriores a 10.11.5, permite a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 2

CVE-2016-1833 – libxml2: Heap-based buffer overread in htmlCurrentChar

https://notcve.org/view.php?id=CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función htmlCurrentChar en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •