| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-8242 |
119 |
|
DoS Overflow +Info |
2015-12-15 |
2017-09-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
|
2 |
CVE-2015-8126 |
119 |
|
DoS Overflow |
2015-11-12 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. |
|
3 |
CVE-2015-8035 |
399 |
|
DoS |
2015-11-18 |
2017-09-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. |
|
4 |
CVE-2015-7995 |
|
|
DoS |
2015-11-17 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. |
|
5 |
CVE-2015-7942 |
119 |
|
DoS Overflow |
2015-11-18 |
2017-09-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
|
6 |
CVE-2015-7804 |
189 |
|
DoS |
2015-12-11 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. |
|
7 |
CVE-2015-7803 |
|
|
DoS |
2015-12-11 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. |
|
8 |
CVE-2015-7761 |
200 |
|
+Info |
2015-10-09 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. |
|
9 |
CVE-2015-7760 |
399 |
|
DoS |
2015-10-09 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. |
|
10 |
CVE-2015-7500 |
119 |
|
DoS Overflow |
2015-12-15 |
2017-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. |
|
11 |
CVE-2015-7499 |
119 |
|
Overflow +Info |
2015-12-15 |
2017-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. |
|
12 |
CVE-2015-7112 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111. |
|
13 |
CVE-2015-7111 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112. |
|
14 |
CVE-2015-7110 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. |
|
15 |
CVE-2015-7109 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
16 |
CVE-2015-7108 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
|
17 |
CVE-2015-7107 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. |
|
18 |
CVE-2015-7106 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
|
19 |
CVE-2015-7105 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
|
20 |
CVE-2015-7094 |
20 |
|
Bypass |
2015-12-11 |
2017-09-12 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. |
|
21 |
CVE-2015-7084 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083. |
|
22 |
CVE-2015-7083 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084. |
|
23 |
CVE-2015-7081 |
|
|
|
2015-12-11 |
2017-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
24 |
CVE-2015-7078 |
|
|
+Priv |
2015-12-11 |
2017-09-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. |
|
25 |
CVE-2015-7077 |
119 |
|
DoS Overflow +Priv |
2015-12-11 |
2017-09-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors. |
|
26 |
CVE-2015-7076 |
|
|
DoS +Priv |
2015-12-11 |
2017-09-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. |
|
27 |
CVE-2015-7075 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file. |
|
28 |
CVE-2015-7074 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file. |
|
29 |
CVE-2015-7073 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake. |
|
30 |
CVE-2015-7071 |
264 |
|
Bypass |
2015-12-11 |
2017-09-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. |
|
31 |
CVE-2015-7068 |
|
|
DoS Exec Code |
2015-12-11 |
2017-09-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. |
|
32 |
CVE-2015-7067 |
|
|
DoS |
2015-12-11 |
2017-09-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. |
|
33 |
CVE-2015-7066 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064. |
|
34 |
CVE-2015-7065 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
|
35 |
CVE-2015-7064 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066. |
|
36 |
CVE-2015-7063 |
264 |
|
+Priv |
2015-12-11 |
2017-09-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. |
|
37 |
CVE-2015-7062 |
264 |
|
Bypass |
2015-12-11 |
2017-09-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. |
|
38 |
CVE-2015-7061 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7060. |
|
39 |
CVE-2015-7060 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7061. |
|
40 |
CVE-2015-7059 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061. |
|
41 |
CVE-2015-7058 |
200 |
|
+Info |
2015-12-11 |
2017-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. |
|
42 |
CVE-2015-7054 |
19 |
|
Exec Code |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site. |
|
43 |
CVE-2015-7053 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-11 |
2017-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image. |
|
44 |
CVE-2015-7052 |
264 |
|
+Priv |
2015-12-11 |
2017-09-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. |
|
45 |
CVE-2015-7047 |
20 |
|
+Priv |
2015-12-11 |
2017-09-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. |
|
46 |
CVE-2015-7046 |
200 |
|
Bypass +Info |
2015-12-11 |
2017-09-12 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges. |
|
47 |
CVE-2015-7045 |
17 |
|
|
2015-12-11 |
2017-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. |
|
48 |
CVE-2015-7044 |
254 |
|
Exec Code |
2015-12-11 |
2017-09-12 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges. |
|
49 |
CVE-2015-7043 |
|
|
DoS |
2015-12-11 |
2017-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042. |
|
50 |
CVE-2015-7042 |
|
|
DoS |
2015-12-11 |
2017-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043. |
