Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-4738 9.3
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
18-06-2019 - 20:15 25-09-2016 - 10:59
CVE-2016-5131 6.8
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
26-03-2019 - 17:14 23-07-2016 - 19:59
CVE-2016-4777 9.3
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
13-03-2019 - 15:11 25-09-2016 - 11:00
CVE-2016-4772 5.0
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
13-03-2019 - 15:10 25-09-2016 - 11:00
CVE-2016-4725 5.8
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
13-03-2019 - 15:06 25-09-2016 - 10:59
CVE-2016-4776 5.8
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
13-03-2019 - 15:05 25-09-2016 - 11:00
CVE-2016-4775 7.2
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
13-03-2019 - 15:04 25-09-2016 - 11:00
CVE-2016-4774 5.8
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
13-03-2019 - 14:58 25-09-2016 - 11:00
CVE-2016-4702 10.0
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
13-03-2019 - 14:34 25-09-2016 - 10:59
CVE-2016-4708 4.3
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
13-03-2019 - 14:31 25-09-2016 - 10:59
CVE-2016-4718 4.3
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
13-03-2019 - 14:24 25-09-2016 - 10:59
CVE-2016-4753 9.3
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
13-03-2019 - 14:14 25-09-2016 - 10:59
CVE-2016-4767 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
13-03-2019 - 14:10 25-09-2016 - 11:00
CVE-2016-4658 10.0
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co
13-03-2019 - 14:05 25-09-2016 - 10:59
CVE-2016-4773 5.8
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
13-03-2019 - 14:00 25-09-2016 - 11:00
CVE-2016-4778 9.3
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
13-03-2019 - 13:57 25-09-2016 - 11:00
CVE-2016-4733 9.3
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730
13-03-2019 - 13:40 25-09-2016 - 10:59
CVE-2016-4712 9.3
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
13-03-2019 - 13:39 25-09-2016 - 10:59
CVE-2016-4735 9.3
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730
13-03-2019 - 13:31 25-09-2016 - 10:59
CVE-2016-4611 6.8
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733
13-03-2019 - 13:27 25-09-2016 - 10:59
CVE-2016-4737 9.3
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
12-03-2019 - 19:30 25-09-2016 - 10:59
CVE-2016-4734 9.3
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730
12-03-2019 - 19:30 25-09-2016 - 10:59
CVE-2016-4768 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
11-03-2019 - 18:29 25-09-2016 - 11:00
CVE-2016-4759 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
11-03-2019 - 18:28 25-09-2016 - 10:59
CVE-2016-4765 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
11-03-2019 - 18:26 25-09-2016 - 10:59
CVE-2016-4730 9.3
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733
11-03-2019 - 18:17 25-09-2016 - 10:59
CVE-2016-4728 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
11-03-2019 - 17:56 25-09-2016 - 10:59
CVE-2016-4766 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
11-03-2019 - 17:38 25-09-2016 - 10:59
CVE-2016-4726 9.3
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
09-03-2019 - 00:45 25-09-2016 - 10:59
CVE-2016-0755 5.0
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
17-10-2018 - 01:29 29-01-2016 - 20:59
CVE-2016-6297 6.8
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspeci
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6296 7.5
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6295 7.5
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and applicatio
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6294 7.5
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6292 4.3
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6291 7.5
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive in
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6290 7.5
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified o
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6289 6.8
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecifie
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-6288 7.5
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
05-01-2018 - 02:31 25-07-2016 - 14:59
CVE-2016-5773 7.5
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5772 7.5
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5771 7.5
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5770 7.5
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5768 7.5
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-4736 9.3
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
14-11-2017 - 02:29 25-09-2016 - 10:59
CVE-2016-4749 2.1
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4747 4.3
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4746 5.0
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4741 4.3
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4740 1.9
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4719 4.3
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4620 4.3
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
13-08-2017 - 01:29 18-09-2016 - 22:59
CVE-2016-4779 6.8
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
30-07-2017 - 01:29 25-09-2016 - 11:00
CVE-2016-4771 4.3
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
30-07-2017 - 01:29 25-09-2016 - 11:00
CVE-2016-4769 6.8
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
30-07-2017 - 01:29 25-09-2016 - 11:00
CVE-2016-4763 4.9
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4762 6.8
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4760 4.3
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4758 4.3
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4755 2.1
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4754 5.0
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4752 4.3
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4751 4.3
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4750 9.3
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4748 4.6
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4745 5.0
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4742 4.3
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4739 4.3
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4731 9.3
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4729 9.3
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4727 9.3
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4724 9.3
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4723 9.3
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4722 7.1
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4717 5.0
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4716 7.2
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4715 4.3
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4713 4.3
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4711 5.0
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4710 7.2
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4709 7.2
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4707 2.1
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4706 4.9
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4703 9.3
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4701 2.1
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4700 9.3
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4699 9.3
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4698 9.3
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4697 9.3
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4696 9.3
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4694 7.5
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which migh
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-4618 4.3
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
30-07-2017 - 01:29 25-09-2016 - 10:59
CVE-2016-6174 6.8
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execut
21-03-2017 - 01:59 12-07-2016 - 19:59
CVE-2016-5769 7.5
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have uns
28-11-2016 - 20:29 07-08-2016 - 10:59
Back to Top Mark selected
Back to Top