Vulnerabilities > Apple > Tvos > 9.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-01 | CVE-2016-1720 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2016-02-01 | CVE-2016-1719 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2016-02-01 | CVE-2016-1717 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2016-01-12 | CVE-2015-8659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | 10.0 |
2015-12-15 | CVE-2015-8242 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 5.8 |
2015-12-15 | CVE-2015-5312 | Resource Management Errors vulnerability in multiple products The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | 7.1 |
2015-12-11 | CVE-2015-7068 | NULL Pointer Dereference vulnerability in Apple products IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. | 9.3 |
2015-11-18 | CVE-2015-8035 | Resource Management Errors vulnerability in multiple products The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | 2.6 |
2015-11-18 | CVE-2015-7942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. | 6.8 |
2015-11-17 | CVE-2015-7995 | Remote Denial of Service vulnerability in libxslt 'libxslt/preproc.c' Type Confusion The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | 5.0 |