The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
| Max Base Score | 5.8 |
| Published | 2015-12-15 |
| Updated | 2019-03-08 |
| EPSS | 0.65% |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
| Max Base Score | 2.6 |
| Published | 2015-11-18 |
| Updated | 2019-03-08 |
| EPSS | 0.97% |
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
| Max Base Score | 5.0 |
| Published | 2015-11-17 |
| Updated | 2019-03-08 |
| EPSS | 2.32% |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
| Max Base Score | 6.8 |
| Published | 2015-11-18 |
| Updated | 2019-03-08 |
| EPSS | 0.62% |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
| Max Base Score | 5.0 |
| Published | 2015-12-15 |
| Updated | 2023-02-13 |
| EPSS | 0.97% |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
| Max Base Score | 5.0 |
| Published | 2015-12-15 |
| Updated | 2023-02-13 |
| EPSS | 0.25% |
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
| Max Base Score | 10.0 |
| Published | 2015-12-11 |
| Updated | 2016-12-07 |
| EPSS | 0.84% |
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
| Max Base Score | 9.3 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.29% |
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
| Max Base Score | 9.3 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.27% |
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
| Max Base Score | 6.9 |
| Published | 2015-12-11 |
| Updated | 2017-09-13 |
| EPSS | 0.04% |
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
| Max Base Score | 9.3 |
| Published | 2015-12-11 |
| Updated | 2017-09-13 |
| EPSS | 0.25% |
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2017-09-13 |
| EPSS | 1.84% |
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 1.80% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
| Max Base Score | 6.8 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.69% |
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
| Max Base Score | 2.6 |
| Published | 2015-12-11 |
| Updated | 2017-09-13 |
| EPSS | 0.13% |
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
| Max Base Score | 7.2 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.04% |
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
| Max Base Score | 7.2 |
| Published | 2015-12-11 |
| Updated | 2019-03-08 |
| EPSS | 0.04% |