Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:tvos:9.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-7499 |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Published: December 15, 2015; 4:59:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5312 |
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. Published: December 15, 2015; 4:59:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-8035 |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Published: November 18, 2015; 11:59:09 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2015-7942 |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Published: November 18, 2015; 11:59:06 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-7995 |
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Published: November 17, 2015; 10:59:16 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1819 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Published: August 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0340 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Published: January 21, 2014; 1:55:09 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |