Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4618 | 1 Apple | 2 Iphone Os, Safari | 2017-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | |||||
| CVE-2016-4694 | 1 Apple | 2 Mac Os X, Os X Server | 2017-07-29 | 7.5 HIGH | 9.1 CRITICAL |
| The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. | |||||
| CVE-2016-4696 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-4697 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4698 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-4699 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. | |||||
| CVE-2016-4700 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. | |||||
| CVE-2016-4701 | 1 Apple | 1 Mac Os X | 2017-07-29 | 2.1 LOW | 6.2 MEDIUM |
| Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | |||||
| CVE-2016-4703 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4706 | 1 Apple | 1 Mac Os X | 2017-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2016-4707 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-29 | 2.1 LOW | 4.0 MEDIUM |
| CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||||
| CVE-2016-4709 | 1 Apple | 1 Mac Os X | 2017-07-29 | 7.2 HIGH | 7.8 HIGH |
| WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. | |||||
| CVE-2016-4710 | 1 Apple | 1 Mac Os X | 2017-07-29 | 7.2 HIGH | 7.8 HIGH |
| WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. | |||||
| CVE-2016-4711 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. | |||||
| CVE-2016-4713 | 1 Apple | 1 Mac Os X | 2017-07-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||||
| CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2017-07-29 | 4.3 MEDIUM | 3.3 LOW |
| The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | |||||
| CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2017-07-29 | 7.2 HIGH | 7.8 HIGH |
| diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-4717 | 1 Apple | 1 Mac Os X | 2017-07-29 | 5.0 MEDIUM | 3.3 LOW |
| The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2016-4722 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-29 | 7.1 HIGH | 5.9 MEDIUM |
| The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | |||||
| CVE-2016-4723 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||