Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4618 | 1 Apple | 2 Iphone Os, Safari | 2017-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | |||||
| CVE-2016-4694 | 1 Apple | 2 Mac Os X, Os X Server | 2017-07-30 | 7.5 HIGH | 9.1 CRITICAL |
| The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. | |||||
| CVE-2016-4696 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-4697 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4698 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-4699 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. | |||||
| CVE-2016-4700 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. | |||||
| CVE-2016-4701 | 1 Apple | 1 Mac Os X | 2017-07-30 | 2.1 LOW | 6.2 MEDIUM |
| Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | |||||
| CVE-2016-4703 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4706 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.9 MEDIUM | 5.5 MEDIUM |
| cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2016-4707 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 2.1 LOW | 4.0 MEDIUM |
| CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||||
| CVE-2016-4709 | 1 Apple | 1 Mac Os X | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. | |||||
| CVE-2016-4710 | 1 Apple | 1 Mac Os X | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. | |||||
| CVE-2016-4711 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. | |||||
| CVE-2016-4713 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||||
| CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 3.3 LOW |
| The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | |||||
| CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-4717 | 1 Apple | 1 Mac Os X | 2017-07-30 | 5.0 MEDIUM | 3.3 LOW |
| The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2016-4722 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 7.1 HIGH | 5.9 MEDIUM |
| The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | |||||
| CVE-2016-4723 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4724 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-4727 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4729 | 1 Apple | 2 Iphone Os, Safari | 2017-07-30 | 9.3 HIGH | 8.8 HIGH |
| WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731. | |||||
| CVE-2016-4731 | 1 Apple | 2 Iphone Os, Safari | 2017-07-30 | 9.3 HIGH | 8.8 HIGH |
| WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729. | |||||
| CVE-2016-4739 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 3.7 LOW |
| mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. | |||||
| CVE-2016-4742 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | |||||
| CVE-2016-4745 | 1 Apple | 1 Mac Os X | 2017-07-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | |||||
| CVE-2016-4748 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.6 MEDIUM | 5.3 MEDIUM |
| Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||||
| CVE-2016-4750 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4751 | 1 Apple | 1 Safari | 2017-07-30 | 4.3 MEDIUM | 3.5 LOW |
| The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | |||||
| CVE-2016-4752 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. | |||||
| CVE-2016-4754 | 1 Apple | 1 Os X Server | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2016-4755 | 1 Apple | 1 Mac Os X | 2017-07-30 | 2.1 LOW | 5.5 MEDIUM |
| Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2017-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2016-4760 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2017-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | |||||
| CVE-2016-4762 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Itunes and 2 more | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
| CVE-2016-4763 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2017-07-30 | 4.9 MEDIUM | 6.8 MEDIUM |
| WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4769 | 2 Apple, Microsoft | 3 Itunes, Safari, Windows | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-4771 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. | |||||
| CVE-2016-4779 | 1 Apple | 1 Mac Os X | 2017-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | |||||
| CVE-2016-5256 | 1 Mozilla | 1 Firefox | 2017-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-5271 | 1 Mozilla | 1 Firefox | 2017-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. | |||||
| CVE-2016-5273 | 1 Mozilla | 1 Firefox | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2016-5275 | 1 Mozilla | 1 Firefox | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering. | |||||
| CVE-2016-5279 | 1 Mozilla | 1 Firefox | 2017-07-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. | |||||
| CVE-2016-5282 | 1 Mozilla | 1 Firefox | 2017-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource. | |||||
| CVE-2016-5283 | 1 Mozilla | 1 Firefox | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized. | |||||
| CVE-2016-5986 | 1 Ibm | 1 Websphere Application Server | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-5995 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Db2 and 2 more | 2017-07-30 | 6.9 MEDIUM | 7.3 HIGH |
| Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | |||||
| CVE-2016-6038 | 1 Ibm | 1 Aix | 2017-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | |||||