10.11.1

DATE	CVE	VULNERABILITY TITLE	RISK
2015-08-14	CVE-2015-1819	Resource Management Errors vulnerability in multiple products The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. network low complexity debian canonical redhat xmlsoft oracle apple opensuse fedoraproject CWE-399	5.0
2015-01-18	CVE-2015-0973	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. network low complexity oracle libpng apple CWE-119	7.5
2015-01-10	CVE-2014-9495	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. network low complexity apple libpng CWE-119 critical	10.0
2012-07-03	CVE-2012-1147	Improper Input Validation vulnerability in multiple products readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. network apple libexpat-project CWE-20	4.3