CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-7116
https://notcve.org/view.php?id=CVE-2015-7116
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. libxml2 en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2 y tvOS en versiones anteriores a 9.1 permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-7115. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-7115
https://notcve.org/view.php?id=CVE-2015-7115
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. libxml2 en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2 y tvOS en versiones anteriores a 9.1 permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-7116. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7067
https://notcve.org/view.php?id=CVE-2015-7067
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. IOThunderboltFamily en Apple OS X en versiones anteriores a 10.11.2 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de un tipo userclient no especificado. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7081
https://notcve.org/view.php?id=CVE-2015-7081
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. iBooks en Apple iOS en versiones anteriores a 9.2 y OS X en versiones anteriores a 10.11.2 permite a atacantes remotos leer archivos arbitrarios a través de un archivo de iBooks que contiene una declaración de entidad externa XML en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205635 https://support.apple.com/HT205637 •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7094
https://notcve.org/view.php?id=CVE-2015-7094
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. CFNetwork HTTPProtocol en Apple iOS en versiones anteriores a 9.2 y OS X en versiones anteriores a 10.11.2 permite a atacantes man-in-the-middle eludir los mecanismos de protección HSTS a través de una URL manipulada. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205635 https://support.apple.com/HT205637 • CWE-20: Improper Input Validation •