| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4448 | 10.0 |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
|
12-02-2023 - 23:21 | 09-06-2016 - 16:59 | |
| CVE-2016-4447 | 5.0 |
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
|
12-02-2023 - 23:21 | 09-06-2016 - 16:59 | |
| CVE-2016-4614 | 7.5 |
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
01-12-2020 - 19:57 | 22-07-2016 - 02:59 | |
| CVE-2016-4608 | 7.5 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
20-11-2020 - 19:03 | 22-07-2016 - 02:59 | |
| CVE-2016-4610 | 7.5 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
20-11-2020 - 15:54 | 22-07-2016 - 02:59 | |
| CVE-2016-4609 | 7.5 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
09-10-2020 - 18:32 | 22-07-2016 - 02:59 | |
| CVE-2016-4607 | 7.5 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
09-10-2020 - 18:03 | 22-07-2016 - 02:59 | |
| CVE-2016-4584 | 6.8 |
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
25-03-2019 - 17:35 | 22-07-2016 - 02:59 | |
| CVE-2016-4586 | 6.8 |
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
25-03-2019 - 17:35 | 22-07-2016 - 02:59 | |
| CVE-2016-4582 | 7.2 |
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-
|
25-03-2019 - 17:34 | 22-07-2016 - 02:59 | |
| CVE-2016-1836 | 4.3 |
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via
|
25-03-2019 - 17:25 | 20-05-2016 - 10:59 | |
| CVE-2016-4623 | 6.8 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-
|
25-03-2019 - 17:04 | 22-07-2016 - 02:59 | |
| CVE-2016-4624 | 6.8 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-
|
25-03-2019 - 17:04 | 22-07-2016 - 02:59 | |
| CVE-2016-4622 | 6.8 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-
|
25-03-2019 - 17:04 | 22-07-2016 - 02:59 | |
| CVE-2016-4589 | 6.8 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-
|
25-03-2019 - 17:04 | 22-07-2016 - 02:59 | |
| CVE-2016-4591 | 7.8 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
|
25-03-2019 - 17:04 | 22-07-2016 - 02:59 | |
| CVE-2016-4637 | 6.8 |
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
|
25-03-2019 - 16:53 | 22-07-2016 - 02:59 | |
| CVE-2016-4653 | 7.2 |
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-
|
25-03-2019 - 16:53 | 22-07-2016 - 03:00 | |
| CVE-2016-4632 | 5.0 |
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
|
25-03-2019 - 16:52 | 22-07-2016 - 02:59 | |
| CVE-2016-4616 | 7.5 |
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
25-03-2019 - 16:52 | 22-07-2016 - 02:59 | |
| CVE-2016-4626 | 7.2 |
IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
25-03-2019 - 16:52 | 22-07-2016 - 02:59 | |
| CVE-2016-4631 | 6.8 |
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
|
25-03-2019 - 16:52 | 22-07-2016 - 02:59 | |
| CVE-2016-4615 | 7.5 |
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly
|
25-03-2019 - 16:52 | 22-07-2016 - 02:59 | |
| CVE-2016-1863 | 7.2 |
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-
|
20-03-2019 - 15:20 | 22-07-2016 - 02:59 | |
| CVE-2016-1865 | 4.9 |
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
20-03-2019 - 15:17 | 22-07-2016 - 02:59 | |
| CVE-2016-4583 | 2.6 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
|
20-03-2019 - 14:24 | 22-07-2016 - 02:59 | |
| CVE-2016-4592 | 7.1 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.
|
20-03-2019 - 14:10 | 22-07-2016 - 02:59 | |
| CVE-2016-4594 | 6.8 |
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
|
20-03-2019 - 13:41 | 22-07-2016 - 02:59 | |
| CVE-2016-4627 | 7.2 |
IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
19-03-2019 - 18:59 | 22-07-2016 - 02:59 | |
| CVE-2016-4587 | 4.3 |
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.
|
19-03-2019 - 12:18 | 22-07-2016 - 02:59 | |
| CVE-2016-4588 | 6.8 |
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
19-03-2019 - 01:09 | 22-07-2016 - 02:59 | |
| CVE-2016-4585 | 4.3 |
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying re
|
18-03-2019 - 19:44 | 22-07-2016 - 02:59 | |
| CVE-2016-4643 | 4.0 |
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.
|
17-01-2019 - 19:18 | 11-01-2019 - 18:29 | |
| CVE-2016-4644 | 4.0 |
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types w
|
17-01-2019 - 17:55 | 11-01-2019 - 18:29 | |
| CVE-2016-4642 | 4.3 |
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
|
17-01-2019 - 15:37 | 11-01-2019 - 18:29 | |
| CVE-2016-1683 | 5.1 |
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via
|
30-10-2018 - 16:27 | 05-06-2016 - 23:59 | |
| CVE-2016-4449 | 5.8 |
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
|
18-01-2018 - 18:18 | 09-06-2016 - 16:59 | |
| CVE-2015-8317 | 5.0 |
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds
|
14-09-2017 - 01:29 | 15-12-2015 - 21:59 | |
| CVE-2016-1684 | 5.1 |
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly hav
|
01-07-2017 - 01:29 | 05-06-2016 - 23:59 |