The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Max CVSS
5.0
EPSS Score
94.65%
Published
2015-09-11
Updated
2016-12-22
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
Max CVSS
5.0
EPSS Score
0.37%
Published
2015-09-18
Updated
2018-10-09
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
Max CVSS
10.0
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.
Max CVSS
5.0
EPSS Score
0.69%
Published
2015-09-18
Updated
2016-12-22
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
Max CVSS
5.0
EPSS Score
5.37%
Published
2015-09-18
Updated
2016-12-22
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.27%
Published
2015-09-18
Updated
2016-12-22
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
Max CVSS
7.5
EPSS Score
3.12%
Published
2015-09-18
Updated
2016-12-22
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
Max CVSS
5.0
EPSS Score
0.34%
Published
2015-09-18
Updated
2016-12-22
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
Max CVSS
5.0
EPSS Score
3.37%
Published
2015-09-18
Updated
2016-12-22
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
Max CVSS
5.0
EPSS Score
0.41%
Published
2015-09-18
Updated
2016-12-22
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
Max CVSS
5.0
EPSS Score
0.34%
Published
2015-09-18
Updated
2016-12-22
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.
Max CVSS
6.9
EPSS Score
0.08%
Published
2015-09-18
Updated
2016-04-06
17 vulnerabilities found