Max CVSS 10.0 Min CVSS 2.1 Total Count68
IDCVSSSummaryLast (major) updatePublished
CVE-2016-4617 4.6
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component.
23-03-2017 - 21:59 20-02-2017 - 03:59
CVE-2016-6174 6.8
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execut
20-03-2017 - 21:59 12-07-2016 - 15:59
CVE-2016-4682 5.8
An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (
21-02-2017 - 18:48 20-02-2017 - 03:59
CVE-2016-7582 9.3
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory co
21-02-2017 - 17:57 20-02-2017 - 03:59
CVE-2016-4710 7.2
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
23-12-2016 - 21:59 25-09-2016 - 06:59
CVE-2016-4709 7.2
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
23-12-2016 - 21:59 25-09-2016 - 06:59
CVE-2016-0755 5.0
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
05-12-2016 - 22:05 29-01-2016 - 15:59
CVE-2016-6296 7.5
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
28-11-2016 - 15:31 25-07-2016 - 10:59
CVE-2016-5773 7.5
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5772 7.5
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5771 7.5
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5770 7.5
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5769 7.5
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have uns
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5768 7.5
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5131 6.8
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-4779 6.8
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4778 9.3
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4777 9.3
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4776 5.8
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4775 7.2
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4774 5.8
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4773 5.8
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4772 5.0
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4771 4.3
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4755 2.1
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4753 9.3
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4752 4.3
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4750 9.3
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4748 4.6
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4745 5.0
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4742 4.3
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4739 4.3
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4738 9.3
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4736 9.3
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4727 9.3
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4726 9.3
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4725 5.8
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4724 9.3
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4723 9.3
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4722 7.1
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4718 4.3
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4717 5.0
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4716 7.2
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4715 4.3
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4713 4.3
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4712 9.3
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4711 5.0
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4708 4.3
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4707 2.1
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4706 4.9
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4703 9.3
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4702 10.0
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4701 2.1
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4700 9.3
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4699 9.3
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4698 9.3
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4697 9.3
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4696 9.3
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4694 7.5
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which migh
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-4658 10.0
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-6297 6.8
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspeci
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6295 7.5
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and applicatio
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6294 7.5
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6292 4.3
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6291 7.5
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive in
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6290 7.5
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified o
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6289 6.8
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecifie
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6288 7.5
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
26-09-2016 - 22:00 25-07-2016 - 10:59
Back to Top Mark selected
Back to Top