Max CVSS 10.0 Min CVSS 2.1 Total Count62
IDCVSSSummaryLast (major) updatePublished
CVE-2016-4449 5.8
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
11-05-2017 - 21:29 09-06-2016 - 12:59
CVE-2016-2108 10.0
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "ne
09-05-2017 - 21:29 04-05-2016 - 21:59
CVE-2016-2107 2.6
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against
09-05-2017 - 21:29 04-05-2016 - 21:59
CVE-2016-4650 9.3
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
25-04-2017 - 14:39 20-04-2017 - 13:59
CVE-2016-4483 5.0
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulne
18-04-2017 - 12:19 11-04-2017 - 12:59
CVE-2016-0718 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
02-03-2017 - 21:59 26-05-2016 - 12:59
CVE-2016-4448 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
28-02-2017 - 21:59 09-06-2016 - 12:59
CVE-2016-4447 5.0
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
28-02-2017 - 21:59 09-06-2016 - 12:59
CVE-2016-2176 6.4
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EB
28-02-2017 - 21:59 04-05-2016 - 21:59
CVE-2016-2109 7.8
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
28-02-2017 - 21:59 04-05-2016 - 21:59
CVE-2016-2106 5.0
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
28-02-2017 - 21:59 04-05-2016 - 21:59
CVE-2016-2105 5.0
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
28-02-2017 - 21:59 04-05-2016 - 21:59
CVE-2016-1836 6.8
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-5093 7.5
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-
17-01-2017 - 21:59 07-08-2016 - 06:59
CVE-2013-7456 6.8
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified ot
17-01-2017 - 21:59 07-08-2016 - 06:59
CVE-2016-1684 5.1
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly hav
29-11-2016 - 22:04 05-06-2016 - 19:59
CVE-2016-5096 7.5
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
28-11-2016 - 15:22 07-08-2016 - 06:59
CVE-2016-5094 7.5
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string
28-11-2016 - 15:22 07-08-2016 - 06:59
CVE-2016-4652 3.3
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4649 2.1
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4648 4.9
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4647 7.2
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4646 4.3
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4645 2.1
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4641 9.3
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4640 9.3
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:20 21-07-2016 - 23:00
CVE-2016-4639 4.4
Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.
28-11-2016 - 15:20 21-07-2016 - 22:59
CVE-2016-4638 9.3
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
28-11-2016 - 15:20 21-07-2016 - 22:59
CVE-2016-4637 6.8
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
28-11-2016 - 15:20 21-07-2016 - 22:59
CVE-2016-4635 3.5
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
28-11-2016 - 15:20 21-07-2016 - 22:59
CVE-2016-4634 7.2
The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4633 6.9
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4632 5.0
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4631 6.8
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4630 6.8
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4629 10.0
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4626 7.2
IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4625 7.2
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4621 9.3
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4619 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8317. Reason: This candidate is a reservation duplicate of CVE-2015-8317. Notes: All CVE users should reference CVE-2015-8317 instead of this candidate. All references and descr
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4616 7.5
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4615 7.5
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4614 7.5
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4612 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descr
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4610 7.5
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4609 7.5
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4608 7.5
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4607 7.5
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4602 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4601 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4600 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4599 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4598 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4597 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4596 6.8
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4595 2.1
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4594 4.6
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4582 7.2
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-1865 4.9
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
28-11-2016 - 15:02 21-07-2016 - 22:59
CVE-2016-1864 5.0
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
28-11-2016 - 15:02 19-06-2016 - 16:59
CVE-2016-1863 7.2
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-
28-11-2016 - 15:02 21-07-2016 - 22:59
CVE-2014-9862 7.2
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
28-11-2016 - 14:15 21-07-2016 - 22:59
Back to Top Mark selected
Back to Top