CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-9838 – Gentoo Linux Security Advisory 202007-48
https://notcve.org/view.php?id=CVE-2018-9838
06 Apr 2018 — The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. La función caml_ba_deserialize en byterun/bigarray.c en la biblioteca estándar en OCaml 4.06.0 tiene un desbordamiento de enteros que, en situaciones en las que los datos serializado... • https://caml.inria.fr/mantis/view.php?id=7765 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17519
https://notcve.org/view.php?id=CVE-2017-17519
14 Dec 2017 — batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. batteriesConfig.mlp en OCaml Batteries Included (también conocido como ocaml-batteries) 2.6 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo... • https://security-tracker.debian.org/tracker/CVE-2017-17519 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9779
https://notcve.org/view.php?id=CVE-2017-9779
07 Sep 2017 — OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." El compilador OCaml permite que los atacantes provoquen un impacto sin especificar mediante vectores desconocidos. Este problema es parecido al de CVE-2017-9772 "pero con un impacto mucho menor." • https://github.com/homjxi0e/CVE-2017-9779 •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2017-9772 – Gentoo Linux Security Advisory 201710-07
https://notcve.org/view.php?id=CVE-2017-9772
23 Jun 2017 — Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable. Una sanitización insuficiente en las versiones 4.04.0 y 4.04.1 del compilador de OCaml permite que se ejecute código con privilegios elevados en binarios marcados como setuid, estableciendo la variable de entorno CAML_CPLUGINS, CAML_NATIVE_CPLUGINS o CA... • http://www.securityfocus.com/bid/99277 •
CVSS: 9.1EPSS: 2%CPEs: 3EXPL: 0CVE-2015-8869 – ocaml: sizes arguments are sign-extended from 32 to 64 bits
https://notcve.org/view.php?id=CVE-2015-8869
13 Jun 2016 — OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. OCaml en versiones anteriores a 4.03.0 no maneja correctamente extensiones de firma, lo que permite a atacantes remotos llevar a cabo ataques de desbordamiento de buffer u obtener información sensible según lo demostrado por una cadena larga para la función String.copy. An integer conversio... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184507.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2942 – Debian Linux Security Advisory 1910-1
https://notcve.org/view.php?id=CVE-2009-2942
15 Oct 2009 — The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. El mysql-ocaml bindings v1.0.4 para MySQL no soporta adecuadamente la función mysql_real_escape_string, lo que puede permitir a atacantes remotos elevar vulnerabilidades de escape incluyendo codificaciones de caracteres multibyte. It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing... • http://secunia.com/advisories/37047 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2943 – Debian Linux Security Advisory 1909-1
https://notcve.org/view.php?id=CVE-2009-2943
15 Oct 2009 — The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. Los vínculos Postgresql-ocaml v1.5.4, v1.7.0, y v1.12.1 para la librería libpq para PostgreSQL no soporta de forma adecuada la función PQescapeStringConn, lo que podría permitir a atacantes remotos aprovechas cuestiones de escape incluidas en las codificaciones de carácter m... • http://secunia.com/advisories/37048 •