CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 4CVE-2015-5522
https://notcve.org/view.php?id=CVE-2015-5522
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Desbordamiento de buffer basado en memoria dinámica en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando un carácter de comando en un href. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.debian.org/security/2015/dsa-3309 http://www.openwall.com/lists/oss-security/2015/06/04/2 http://www.openwall.com/lists/oss-security/2015/07/13/7 http://www.openwall.com/lists/oss-security/2015/07/15/3 http://www.securityfocus.com/bid/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 9EXPL: 3CVE-2015-5523
https://notcve.org/view.php?id=CVE-2015-5523
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Vulnerabilidad en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando múltiples espacios en blanco antes de un href vacío, lo que desencadena una asignación de memoria de gran tamaño. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.debian.org/security/2015/dsa-3309 http://www.openwall.com/lists/oss-security/2015/06/04/2 http://www.openwall.com/lists/oss-security/2015/07/13/7 http://www.openwall.com/lists/oss-security/2015/07/15/3 http://www.securityfocus.com/bid/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3725
https://notcve.org/view.php?id=CVE-2015-3725
MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. MobileInstallation en Apple iOS anterior a 8.4 no asegura la singularidad de los identificadores de los paquetes Watch, lo que permite a atacantes causar una denegación de servicio (colisión de identificadores y la interrupción del lanzamiento de Watch) a través de una aplicación de perfiles de provisionamiento manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://support.apple.com/kb/HT204941 http://www.securityfocus.com/bid/75490 http://www.securitytracker.com/id/1032761 • CWE-399: Resource Management Errors •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3728
https://notcve.org/view.php?id=CVE-2015-3728
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. La característica WiFi Connectivity en Apple iOS anterior a 8.4 permite a puntos de acceso remotos de Wi-Fi provocar una asociación automática, con un tipo de seguridad arbitrario, mediante la operación con un ESSID reconocido dentro de la área de cubertura de una red 802.11. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://support.apple.com/kb/HT204941 http://www.securityfocus.com/bid/75490 http://www.securitytracker.com/id/1032761 • CWE-254: 7PK - Security Features •