Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:watchos:1.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5841 |
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. Published: September 18, 2015; 6:59:55 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5840 |
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. Published: September 18, 2015; 6:59:54 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5839 |
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. Published: September 18, 2015; 6:59:53 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5837 |
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. Published: September 18, 2015; 6:59:52 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5834 |
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Published: September 18, 2015; 6:59:50 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5829 |
Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. Published: September 18, 2015; 6:59:47 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5824 |
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: September 18, 2015; 6:59:43 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1819 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Published: August 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5523 |
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Published: August 11, 2015; 10:59:15 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5522 |
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Published: August 11, 2015; 10:59:14 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-8147 |
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. Published: May 25, 2015; 6:59:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8146 |
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. Published: May 25, 2015; 6:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3416 |
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Published: April 24, 2015; 1:59:02 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-0340 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Published: January 21, 2014; 1:55:09 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-3951 |
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. Published: June 05, 2013; 10:39:55 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |