Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:watchos:2.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1720 |
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Published: February 01, 2016; 6:59:04 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-1719 |
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Published: February 01, 2016; 6:59:03 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-1717 |
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Published: February 01, 2016; 6:59:01 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-8659 |
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. Published: January 12, 2016; 2:59:13 PM -0500 |
V3.0: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2015-8242 |
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Published: December 15, 2015; 4:59:07 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-7500 |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. Published: December 15, 2015; 4:59:05 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7499 |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Published: December 15, 2015; 4:59:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5312 |
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. Published: December 15, 2015; 4:59:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-8035 |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Published: November 18, 2015; 11:59:09 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2015-7942 |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Published: November 18, 2015; 11:59:06 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-7995 |
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Published: November 17, 2015; 10:59:16 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1819 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Published: August 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0340 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Published: January 21, 2014; 1:55:09 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |