Apple watchOS vulnerabilities

CVE-2015-5869 [LOW] CWE-20 CVE-2015-5869: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows r The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

CVE-2015-5863 [LOW] CWE-200 CVE-2015-5863: IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, wh IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.

CVE-2015-5842 [LOW] CWE-200 CVE-2015-5842: XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.

CVE-2015-5898 [LOW] CWE-200 CVE-2015-5898: CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2015-1819 [MEDIUM] CWE-399 CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) vi The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

CVE-2015-5523 [MEDIUM] CWE-119 CVE-2015-5523: The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial o The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

CVE-2015-5522 [MEDIUM] CWE-119 CVE-2015-5522: Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

CVE-2014-8147 [HIGH] CWE-189 CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implemen The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly

CVE-2014-8146 [HIGH] CWE-119 CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implemen The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary

CVE-2015-3414 [HIGH] CWE-908 CVE-2015-3414: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which all SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

CVE-2015-3416 [HIGH] CWE-190 CVE-2015-3416: The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision a The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf fu

CVE-2015-3415 [HIGH] CWE-404 CVE-2015-3415: The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

CVE-2013-0340 [MEDIUM] CWE-611 CVE-2013-0340: expat before version 2.4.0 does not properly handle entities expansion unless an application develop expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE

CVE-2013-3951 [MEDIUM] CWE-20 CVE-2013-3951: sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering at

CVE-2011-2895 [CRITICAL] CVE-2011-2895: watchOS 2.1 Apple Security Update: About the security content of watchOS 2.1 Product: watchOS Version: 2.1 CVE: CVE-2011-2895 Component: CVE-ID Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking.