Total
1633 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7500 | 6 Apple, Canonical, Debian and 3 more | 13 Iphone Os, Mac Os X, Tvos and 10 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | |||||
CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | |||||
CVE-2015-7061 | 1 Apple | 3 Mac Os X, Tvos, Watchos | 2023-12-10 | 6.8 MEDIUM | N/A |
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7060. | |||||
CVE-2016-1819 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. | |||||
CVE-2015-7079 | 1 Apple | 2 Iphone Os, Tvos | 2023-12-10 | 9.3 HIGH | N/A |
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2016-4753 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2016-4608 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | |||||
CVE-2016-4733 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. | |||||
CVE-2015-7054 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
CVE-2015-7073 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake. | |||||
CVE-2016-4776 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. | |||||
CVE-2015-7046 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 2.6 LOW | N/A |
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges. | |||||
CVE-2016-1752 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | |||||
CVE-2016-1858 | 2 Apple, Webkitgtk | 4 Iphone Os, Safari, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2016-4594 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call. | |||||
CVE-2015-7115 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | |||||
CVE-2016-4631 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file. | |||||
CVE-2016-1803 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2015-7058 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||||
CVE-2016-1824 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823. |