Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-1950 | 6.8 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
|
22-10-2024 - 13:42 | 13-03-2016 - 18:59 | |
CVE-2015-0973 | 7.5 |
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-94
|
19-07-2024 - 14:15 | 18-01-2015 - 18:59 | |
CVE-2015-7499 | 5.0 |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
|
13-02-2023 - 00:53 | 15-12-2015 - 21:59 | |
CVE-2015-7500 | 5.0 |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
|
13-02-2023 - 00:53 | 15-12-2015 - 21:59 | |
CVE-2015-3195 | 5.0 |
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob
|
13-12-2022 - 12:15 | 06-12-2015 - 20:59 | |
CVE-2016-0777 | 4.0 |
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading
|
13-12-2022 - 12:15 | 14-01-2016 - 22:59 | |
CVE-2016-0778 | 4.6 |
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r
|
13-12-2022 - 12:15 | 14-01-2016 - 22:59 | |
CVE-2015-8126 | 7.5 |
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a den
|
13-05-2022 - 14:57 | 13-11-2015 - 03:59 | |
CVE-2015-1819 | 5.0 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
|
27-12-2019 - 16:08 | 14-08-2015 - 18:59 | |
CVE-2016-1762 | 5.8 |
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
|
26-03-2019 - 17:11 | 24-03-2016 - 01:59 | |
CVE-2016-1740 | 9.3 |
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
|
25-03-2019 - 17:54 | 24-03-2016 - 01:59 | |
CVE-2016-1753 | 9.3 |
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
|
25-03-2019 - 17:49 | 24-03-2016 - 01:59 | |
CVE-2016-1752 | 7.1 |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
|
25-03-2019 - 17:43 | 24-03-2016 - 01:59 | |
CVE-2016-1754 | 9.3 |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulner
|
25-03-2019 - 17:41 | 24-03-2016 - 01:59 | |
CVE-2016-1755 | 9.3 |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulner
|
25-03-2019 - 17:41 | 24-03-2016 - 01:59 | |
CVE-2016-1750 | 9.3 |
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. <a href="http://cwe.mitre.org/data/
|
25-03-2019 - 17:38 | 24-03-2016 - 01:59 | |
CVE-2015-8242 | 5.8 |
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati
|
08-03-2019 - 16:06 | 15-12-2015 - 21:59 | |
CVE-2015-7942 | 6.8 |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via
|
08-03-2019 - 16:06 | 18-11-2015 - 16:59 | |
CVE-2015-8659 | 10.0 |
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
|
08-03-2019 - 16:06 | 12-01-2016 - 19:59 | |
CVE-2015-8035 | 2.6 |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
|
08-03-2019 - 16:06 | 18-11-2015 - 16:59 | |
CVE-2015-5312 | 7.1 |
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab
|
08-03-2019 - 16:06 | 15-12-2015 - 21:59 | |
CVE-2016-0801 | 8.3 |
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control me
|
08-03-2019 - 16:06 | 07-02-2016 - 01:59 | |
CVE-2016-0802 | 8.3 |
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control me
|
08-03-2019 - 16:06 | 07-02-2016 - 01:59 | |
CVE-2015-7551 | 4.6 |
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers
|
28-03-2018 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2015-8472 | 7.5 |
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or
|
04-11-2017 - 01:29 | 21-01-2016 - 15:59 | |
CVE-2016-1741 | 10.0 |
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
08-09-2017 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2016-1749 | 9.3 |
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
08-09-2017 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2016-1768 | 6.8 |
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
|
08-09-2017 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2016-1769 | 6.8 |
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
|
08-09-2017 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2016-1744 | 9.3 |
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-
|
08-09-2017 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2016-1743 | 9.3 |
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-
|
08-09-2017 - 01:29 | 24-03-2016 - 01:59 | |
CVE-2016-1788 | 2.6 |
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
|
03-12-2016 - 03:23 | 24-03-2016 - 01:59 | |
CVE-2016-1737 | 6.8 |
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1761 | 10.0 |
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1736 | 9.3 |
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1764 | 4.3 |
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1747 | 9.3 |
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1767 | 6.8 |
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1735 | 9.3 |
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1759 | 9.3 |
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1756 | 9.3 |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. <a href="http://cwe.mitre.org/data/definitions/47
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1734 | 7.2 |
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1745 | 2.1 |
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1773 | 2.1 |
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1758 | 4.3 |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1746 | 9.3 |
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1732 | 2.1 |
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1757 | 9.3 |
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1770 | 4.3 |
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1738 | 7.2 |
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1733 | 9.3 |
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2014-9495 | 10.0 |
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
|
18-10-2016 - 03:45 | 10-01-2015 - 19:59 |