Max CVSS 10.0 Min CVSS 2.1 Total Count54
IDCVSSSummaryLast (major) updatePublished
CVE-2015-3195 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob
08-05-2017 - 21:29 06-12-2015 - 15:59
CVE-2016-0778 4.6
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r
16-02-2017 - 21:59 14-01-2016 - 17:59
CVE-2016-0777 4.0
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading
16-02-2017 - 21:59 14-01-2016 - 17:59
CVE-2016-1762 10.0
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
27-12-2016 - 21:59 23-03-2016 - 21:59
CVE-2015-1819 5.0
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
21-12-2016 - 21:59 14-08-2015 - 14:59
CVE-2015-8659 10.0
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
07-12-2016 - 13:29 12-01-2016 - 14:59
CVE-2015-8472 7.5
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or
07-12-2016 - 13:28 21-01-2016 - 10:59
CVE-2015-8242 5.8
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati
07-12-2016 - 13:26 15-12-2015 - 16:59
CVE-2015-8126 7.5
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a den
07-12-2016 - 13:26 12-11-2015 - 22:59
CVE-2015-8035 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
07-12-2016 - 13:26 18-11-2015 - 11:59
CVE-2015-7942 6.8
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via
07-12-2016 - 13:25 18-11-2015 - 11:59
CVE-2015-7500 5.0
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
07-12-2016 - 13:24 15-12-2015 - 16:59
CVE-2015-7499 5.0
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
07-12-2016 - 13:24 15-12-2015 - 16:59
CVE-2015-5312 7.1
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab
07-12-2016 - 13:16 15-12-2015 - 16:59
CVE-2016-1950 6.8
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1788 2.6
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
02-12-2016 - 22:23 23-03-2016 - 21:59
CVE-2016-1775 9.3
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
02-12-2016 - 22:23 23-03-2016 - 21:59
CVE-2016-1773 2.1
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1770 4.3
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1769 6.8
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1768 6.8
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1767 6.8
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1764 4.3
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1761 10.0
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1759 9.3
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1758 4.3
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1757 9.3
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1756 9.3
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1755 9.3
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulner
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1754 9.3
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulner
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1753 9.3
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1752 9.3
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1750 9.3
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1749 9.3
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1748 4.3
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1747 9.3
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1746 9.3
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1745 2.1
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1744 9.3
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1743 9.3
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1741 10.0
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1740 9.3
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1738 7.2
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1737 6.8
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1736 9.3
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1735 9.3
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1734 7.2
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1733 9.3
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-1732 2.1
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-0802 8.3
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control me
02-12-2016 - 22:18 06-02-2016 - 20:59
CVE-2016-0801 8.3
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control me
02-12-2016 - 22:18 06-02-2016 - 20:59
CVE-2015-7551 4.6
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers
28-11-2016 - 14:43 23-03-2016 - 21:59
CVE-2015-0973 7.5
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-94
20-10-2016 - 14:46 18-01-2015 - 13:59
CVE-2014-9495 10.0
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
17-10-2016 - 23:45 10-01-2015 - 14:59
Back to Top Mark selected
Back to Top