Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Max CVSS
10.0
EPSS Score
94.33%
Published
2008-09-12
Updated
2023-02-13
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
Max CVSS
10.0
EPSS Score
3.55%
Published
2008-10-10
Updated
2021-05-23
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
Max CVSS
10.0
EPSS Score
8.84%
Published
2009-08-03
Updated
2010-03-30
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
Max CVSS
10.0
EPSS Score
94.14%
Published
2010-03-25
Updated
2017-09-19
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.33%
Published
2010-09-09
Updated
2022-08-09
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
Max CVSS
10.0
EPSS Score
5.20%
Published
2010-08-24
Updated
2020-08-04
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
Max CVSS
10.0
EPSS Score
1.49%
Published
2012-03-09
Updated
2020-04-16
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.41%
Published
2012-10-11
Updated
2017-09-19
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
Max CVSS
10.0
EPSS Score
0.61%
Published
2014-07-01
Updated
2019-03-08
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
Max CVSS
10.0
EPSS Score
0.61%
Published
2014-07-01
Updated
2019-03-08
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.82%
Published
2014-07-01
Updated
2019-03-08
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.58%
Published
2014-07-01
Updated
2022-06-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
Max CVSS
10.0
EPSS Score
0.88%
Published
2015-01-30
Updated
2019-03-08
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS
10.0
EPSS Score
0.80%
Published
2015-01-30
Updated
2019-03-08
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
10.0
EPSS Score
1.51%
Published
2015-01-30
Updated
2019-03-08
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
10.0
EPSS Score
2.08%
Published
2015-01-30
Updated
2019-03-08
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS
10.0
EPSS Score
2.08%
Published
2015-01-30
Updated
2019-03-08
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
Max CVSS
10.0
EPSS Score
2.19%
Published
2015-01-30
Updated
2019-03-08
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
Max CVSS
10.0
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
Max CVSS
10.0
EPSS Score
3.61%
Published
2015-10-23
Updated
2016-12-24
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
Max CVSS
10.0
EPSS Score
0.84%
Published
2015-12-11
Updated
2016-12-07
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
Max CVSS
10.0
EPSS Score
2.13%
Published
2016-01-12
Updated
2019-03-08
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Max CVSS
10.0
EPSS Score
4.95%
Published
2016-03-24
Updated
2016-12-03
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Max CVSS
10.0
EPSS Score
0.95%
Published
2016-06-09
Updated
2023-02-12
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
Max CVSS
10.0
EPSS Score
1.92%
Published
2016-09-25
Updated
2019-03-13
2270 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!