CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2015-7995 – Ubuntu Security Notice USN-3271-1
https://notcve.org/view.php?id=CVE-2015-7995
17 Nov 2015 — The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. La función xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegación de servicio a través de un archivo XML manipulado, relacionado a un problema 'type confusion'. Holger Fuhrmannek discovered an in... • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 2CVE-2015-7942 – libxml2: heap-based buffer overflow in xmlParseConditionalSections()
https://notcve.org/view.php?id=CVE-2015-7942
17 Nov 2015 — The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. La función xmlParseConditionalSections en parser.c en libxml2 no omite adecuadamente las entidades intermediarias cuando se detiene el análisis de entrada no válida, lo que permite a atacantes depe... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 1CVE-2015-8035 – libxml2: DoS caused by incorrect error detection during XZ decompression
https://notcve.org/view.php?id=CVE-2015-8035
17 Nov 2015 — The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. La función xz_decomp en xzlib.c en libxml2 2.9.1 no detecta adecuadamente los errores de compresión, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cuelgue del proceso) a través de datos XML manipulados. A denial of service flaw was found in libxml2. A remote attacker... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-252: Unchecked Return Value CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2015-3807 – Apple Security Advisory 2015-12-08-1
https://notcve.org/view.php?id=CVE-2015-3807
13 Aug 2015 — libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. Vulnerabilidad en libxml2 en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos obtener información sensible de la memoria del proceso o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. OS X... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 3%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 3CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (acceso a memoria fuera de rango) u obtener información sensible del contenido de la memoria a través de una aplicación manipulada. O... • https://packetstorm.news/files/id/131508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1094 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1094
09 Apr 2015 — IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOAcceleratorFamily en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1097 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1097
09 Apr 2015 — IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOMobileFramebuffer en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 9%CPEs: 3EXPL: 0CVE-2015-1102 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1102
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no maneja correctamente las cabeceras TCP, lo que permite a atacantes man-in-the-middle causar una denegación de servicio a través de vectores no especificados. OS X Yosemite 10.10.3 and Security ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1118 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1118
09 Apr 2015 — libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. libnetcore en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un perfil de configuración manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •