CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7113 – Apple Security Advisory 2015-12-08-1
https://notcve.org/view.php?id=CVE-2015-7113
10 Dec 2015 — The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. El componente LaunchServices en Apple iOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una lista de propiedades mal formada. ... • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 0CVE-2015-7500 – libxml2: Heap buffer overflow in xmlParseMisc
https://notcve.org/view.php?id=CVE-2015-7500
07 Dec 2015 — The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. La función xmlParseMisc en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de vectores no especificados relacionados con límites de entidades... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2015-7499 – libxml2: Heap-based buffer overflow in xmlGROW
https://notcve.org/view.php?id=CVE-2015-7499
07 Dec 2015 — Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función xmlGROW en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto obtener información sensible de la memoria de proceso a través de vectores no especificados. A denial of service flaw was found in libxml2. A r... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 0CVE-2015-8242 – libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode
https://notcve.org/view.php?id=CVE-2015-8242
07 Dec 2015 — The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. La función xmlSAX2TextNode en SAX2.c en la interfaz push en el parser HTML en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio (sobre lectura de buffer basado en pila... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-5312 – libxml2: CPU exhaustion when processing specially crafted XML input
https://notcve.org/view.php?id=CVE-2015-5312
07 Dec 2015 — The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. La función xmlStringLenDecodeEntities en parser.c en libxml2 en versiones anteriores a 2.9.3 no previene adecuadamente la expansión de entidad, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cons... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2015-7995 – Ubuntu Security Notice USN-3271-1
https://notcve.org/view.php?id=CVE-2015-7995
17 Nov 2015 — The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. La función xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegación de servicio a través de un archivo XML manipulado, relacionado a un problema 'type confusion'. Holger Fuhrmannek discovered an in... • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html •
CVSS: 7.1EPSS: 1%CPEs: 13EXPL: 2CVE-2015-7942 – libxml2: heap-based buffer overflow in xmlParseConditionalSections()
https://notcve.org/view.php?id=CVE-2015-7942
17 Nov 2015 — The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. La función xmlParseConditionalSections en parser.c en libxml2 no omite adecuadamente las entidades intermediarias cuando se detiene el análisis de entrada no válida, lo que permite a atacantes depe... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 1CVE-2015-8035 – libxml2: DoS caused by incorrect error detection during XZ decompression
https://notcve.org/view.php?id=CVE-2015-8035
17 Nov 2015 — The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. La función xz_decomp en xzlib.c en libxml2 2.9.1 no detecta adecuadamente los errores de compresión, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cuelgue del proceso) a través de datos XML manipulados. A denial of service flaw was found in libxml2. A remote attacker... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-252: Unchecked Return Value CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7006 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7006
21 Oct 2015 — Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. Vulnerabilidad de salto de directorio en el componente BOM (también conocido como Bill of Materials) en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes remotos ejecutar código arbitrario a t... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6989 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-6989
21 Oct 2015 — Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls. Grand Central Dispatch en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a tra... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •