CVE-2015-5787
- EPSS 1.44%
- Veröffentlicht 22.11.2015 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
CVE-2015-8035
- EPSS 3.2%
- Veröffentlicht 18.11.2015 16:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2015-7942
- EPSS 4.74%
- Veröffentlicht 18.11.2015 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via...
- EPSS 4.16%
- Veröffentlicht 17.11.2015 15:59:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
CVE-2015-7023
- EPSS 1.63%
- Veröffentlicht 23.10.2015 21:59:55
- Zuletzt bearbeitet 06.05.2026 22:30:45
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
CVE-2015-7018
- EPSS 3.12%
- Veröffentlicht 23.10.2015 21:59:51
- Zuletzt bearbeitet 06.05.2026 22:30:45
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-20...
CVE-2015-7015
- EPSS 2.67%
- Veröffentlicht 23.10.2015 21:59:49
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.
CVE-2015-7013
- EPSS 2.43%
- Veröffentlicht 23.10.2015 21:59:48
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than oth...
CVE-2015-7014
- EPSS 2.68%
- Veröffentlicht 23.10.2015 21:59:48
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...
CVE-2015-7012
- EPSS 2.48%
- Veröffentlicht 23.10.2015 21:59:47
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...