Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2012-0876 4.3
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit
05-08-2022 - 14:52 03-07-2012 - 19:55
CVE-2012-1148 5.0
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation
25-01-2021 - 15:44 03-07-2012 - 19:55
CVE-2012-1147 4.3
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
25-01-2021 - 15:44 03-07-2012 - 19:55
CVE-2015-7068 9.3
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an un
25-03-2019 - 17:52 11-12-2015 - 11:59
CVE-2016-1748 4.3
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
25-03-2019 - 17:52 24-03-2016 - 01:59
CVE-2016-1775 9.3
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
25-03-2019 - 17:39 24-03-2016 - 01:59
CVE-2015-7116 4.3
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-711
08-03-2019 - 16:06 10-01-2016 - 03:59
CVE-2015-7074 6.8
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7060 6.8
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7039 6.8
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7111 9.3
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a differe
08-03-2019 - 16:06 11-12-2015 - 12:00
CVE-2015-7061 6.8
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7047 7.2
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7075 6.8
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7058 4.3
Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7043 4.3
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7066 6.8
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7054 6.8
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafte
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7040 4.3
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7042 4.3
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7112 9.3
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a differe
08-03-2019 - 16:06 11-12-2015 - 12:00
CVE-2015-7053 6.8
ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7084 7.2
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7115 4.3
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-711
08-03-2019 - 16:06 10-01-2016 - 03:59
CVE-2015-7073 6.8
Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7045 5.0
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7083 7.2
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7059 6.8
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7105 6.8
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
08-03-2019 - 16:06 11-12-2015 - 12:00
CVE-2015-7001 6.8
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7065 6.8
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7041 4.3
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7064 6.8
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7046 2.6
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with r
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-7038 6.8
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
08-03-2019 - 16:06 11-12-2015 - 11:59
CVE-2015-3807 4.3
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
08-03-2019 - 16:06 17-08-2015 - 00:00
CVE-2015-7107 6.8
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
13-09-2017 - 01:29 11-12-2015 - 12:00
CVE-2015-7076 7.2
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476:
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7044 7.6
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7081 5.0
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7078 7.2
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7067 2.1
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. <a href="https://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereferenc
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7071 10.0
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7052 7.2
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7062 4.6
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7110 6.9
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
13-09-2017 - 01:29 11-12-2015 - 12:00
CVE-2015-7094 2.6
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7063 7.2
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7108 7.2
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
13-09-2017 - 01:29 11-12-2015 - 12:00
CVE-2015-7077 7.2
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
13-09-2017 - 01:29 11-12-2015 - 11:59
CVE-2015-7109 9.3
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
13-09-2017 - 01:29 11-12-2015 - 12:00
CVE-2015-7106 7.2
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
13-09-2017 - 01:29 11-12-2015 - 12:00
CVE-2011-2895 9.3
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x
29-08-2017 - 01:29 19-08-2011 - 17:55
CVE-2015-6908 5.0
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
22-12-2016 - 03:00 11-09-2015 - 16:59
CVE-2015-7803 6.8
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry i
07-12-2016 - 18:25 11-12-2015 - 12:00
CVE-2015-7804 6.8
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filen
07-12-2016 - 18:25 11-12-2015 - 12:00
Back to Top Mark selected
Back to Top