Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-1950 | 6.8 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
|
22-10-2024 - 13:42 | 13-03-2016 - 18:59 | |
CVE-2015-7499 | 5.0 |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
|
13-02-2023 - 00:53 | 15-12-2015 - 21:59 | |
CVE-2015-7500 | 5.0 |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
|
13-02-2023 - 00:53 | 15-12-2015 - 21:59 | |
CVE-2015-1819 | 5.0 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
|
27-12-2019 - 16:08 | 14-08-2015 - 18:59 | |
CVE-2016-1762 | 5.8 |
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
|
26-03-2019 - 17:11 | 24-03-2016 - 01:59 | |
CVE-2016-1740 | 9.3 |
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
|
25-03-2019 - 17:54 | 24-03-2016 - 01:59 | |
CVE-2016-1753 | 9.3 |
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
|
25-03-2019 - 17:49 | 24-03-2016 - 01:59 | |
CVE-2016-1784 | 4.3 |
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.
|
25-03-2019 - 17:46 | 24-03-2016 - 01:59 | |
CVE-2016-1752 | 7.1 |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
|
25-03-2019 - 17:43 | 24-03-2016 - 01:59 | |
CVE-2016-1754 | 9.3 |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulner
|
25-03-2019 - 17:41 | 24-03-2016 - 01:59 | |
CVE-2016-1755 | 9.3 |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulner
|
25-03-2019 - 17:41 | 24-03-2016 - 01:59 | |
CVE-2016-1751 | 6.8 |
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
|
25-03-2019 - 17:40 | 24-03-2016 - 01:59 | |
CVE-2016-1750 | 9.3 |
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. <a href="http://cwe.mitre.org/data/
|
25-03-2019 - 17:38 | 24-03-2016 - 01:59 | |
CVE-2016-1783 | 9.3 |
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
25-03-2019 - 17:38 | 24-03-2016 - 01:59 | |
CVE-2015-8242 | 5.8 |
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati
|
08-03-2019 - 16:06 | 15-12-2015 - 21:59 | |
CVE-2015-7942 | 6.8 |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via
|
08-03-2019 - 16:06 | 18-11-2015 - 16:59 | |
CVE-2015-8659 | 10.0 |
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
|
08-03-2019 - 16:06 | 12-01-2016 - 19:59 | |
CVE-2015-8035 | 2.6 |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
|
08-03-2019 - 16:06 | 18-11-2015 - 16:59 | |
CVE-2015-5312 | 7.1 |
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab
|
08-03-2019 - 16:06 | 15-12-2015 - 21:59 | |
CVE-2016-0801 | 8.3 |
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control me
|
08-03-2019 - 16:06 | 07-02-2016 - 01:59 | |
CVE-2016-0802 | 8.3 |
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control me
|
08-03-2019 - 16:06 | 07-02-2016 - 01:59 | |
CVE-2016-1785 | 4.3 |
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a
|
09-10-2018 - 19:59 | 24-03-2016 - 01:59 | |
CVE-2016-1779 | 4.3 |
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
|
09-10-2018 - 19:59 | 24-03-2016 - 01:59 | |
CVE-2016-1786 | 5.8 |
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and o
|
09-10-2018 - 19:59 | 24-03-2016 - 01:59 | |
CVE-2016-1778 | 9.3 |
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
09-10-2018 - 19:59 | 24-03-2016 - 01:59 | |
CVE-2016-1782 | 4.3 |
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.
|
09-10-2018 - 19:59 | 24-03-2016 - 01:59 | |
CVE-2016-1864 | 5.0 |
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
|
01-09-2017 - 01:29 | 19-06-2016 - 20:59 | |
CVE-2016-1788 | 2.6 |
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
|
03-12-2016 - 03:23 | 24-03-2016 - 01:59 | |
CVE-2016-1780 | 4.3 |
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
|
03-12-2016 - 03:23 | 24-03-2016 - 01:59 | |
CVE-2016-1761 | 10.0 |
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1766 | 5.0 |
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1763 | 3.5 |
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1760 | 2.1 |
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.
|
03-12-2016 - 03:22 | 29-03-2016 - 15:59 | |
CVE-2016-1756 | 9.3 |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. <a href="http://cwe.mitre.org/data/definitions/47
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1734 | 7.2 |
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1758 | 4.3 |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 | |
CVE-2016-1757 | 9.3 |
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
03-12-2016 - 03:22 | 24-03-2016 - 01:59 |