Total
697 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4722 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | |||||
CVE-2016-1814 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2016-1941 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | |||||
CVE-2016-1844 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | |||||
CVE-2016-1802 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. | |||||
CVE-2016-4706 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | |||||
CVE-2015-7024 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.9 MEDIUM | 6.7 MEDIUM |
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | |||||
CVE-2016-4748 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||||
CVE-2016-1838 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
CVE-2016-4277 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278. | |||||
CVE-2016-4745 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | |||||
CVE-2016-4708 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. | |||||
CVE-2016-4648 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2016-1839 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
CVE-2016-1788 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | |||||
CVE-2014-4373 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 7.8 HIGH | 5.5 MEDIUM |
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | |||||
CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. |