The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Max CVSS
2.6
EPSS Score
0.97%
Published
2015-11-18
Updated
2019-03-08
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Max CVSS
5.0
EPSS Score
2.32%
Published
2015-11-17
Updated
2019-03-08
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
Max CVSS
6.8
EPSS Score
0.62%
Published
2015-11-18
Updated
2019-03-08
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
Max CVSS
7.5
EPSS Score
3.34%
Published
2015-11-22
Updated
2017-07-01
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
4.3
EPSS Score
0.27%
Published
2015-11-22
Updated
2015-11-30
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
Max CVSS
4.3
EPSS Score
0.06%
Published
2015-11-22
Updated
2015-11-23
6 vulnerabilities found