| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. |
| Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682. |
| CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689. |
| Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702. |
| Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701. |
| QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. |
| CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. |
| The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. |
| The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. |
| Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. |
| libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. |
| Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. |
| Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." |
