) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.11.1
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-7995 |
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Published: November 17, 2015; 10:59:16 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-8126 |
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Published: November 12, 2015; 10:59:05 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-6908 |
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Published: September 11, 2015; 12:59:12 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-3807 |
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. Published: August 16, 2015; 8:00:22 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2015-1819 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Published: August 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-0973 |
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. Published: January 18, 2015; 1:59:03 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2014-9495 |
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. Published: January 10, 2015; 2:59:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2012-1148 |
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Published: July 03, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2012-1147 |
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. Published: July 03, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |