9573 matches found
CVE-2016-3934
drivers/media/platform/msm/camerav2/sensor/io/msmcameraccii2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka...
UBUNTU-CVE-2016-3922
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619...
CVE-2016-3922
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619...
Debian Security Advisory DSA 3687-1 (nspr - security update)
Two vulnerabilities were reported in NSPR, a library to abstract over operating system interfaces developed by the Mozilla project. CVE-2016-1951 q1 reported that the NSPR implementation of sprintf-style string formatting function miscomputed memory allocation sizes, potentially leading to...
ALPINE-CVE-2016-3658
The TIFFWriteDirectoryTagLongLong8Array function in tifdirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors involving the ma variable...
CVE-2016-3658
CVE-2016-3658 affects LibTIFF 4.0.6 and earlier, where TIFFWriteDirectoryTagLongLong8Array in tif_dirwrite.c (tiffset tool) enables remote out-of-bounds reads, causing denial of service. Mitigation: upgrade LibTIFF to 4.0.7 or newer (see Debian/Arch advisories and upstream fixes).
UBUNTU-CVE-2016-3658
The TIFFWriteDirectoryTagLongLong8Array function in tifdirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors involving the ma variable...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2388-1)
This update for OpenSSH fixes the following issues : - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc97063...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Code injection
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
UBUNTU-CVE-2016-4758
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site...
Code injection
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4758
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site...
CVE-2016-4748
CVE-2016-4748 describes a localPrivilege bypass in Perl on macOS OS X before 10.12, where taint-mode protection can be bypassed via a crafted environment variable. The vulnerability affects Perl within macOS/OS X and is documented in Appleās security content for macOS Sierra 10.12. The connected ...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...