Total
3262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4627 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-03-19 | 7.2 HIGH | 7.8 HIGH |
IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2019-6229 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2017-2479 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-19 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
CVE-2017-2463 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-19 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2016-4587 | 1 Apple | 3 Iphone Os, Tvos, Webkit | 2019-03-19 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. | |||||
CVE-2016-4585 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. | |||||
CVE-2017-11121 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2019-03-13 | 10.0 HIGH | 9.8 CRITICAL |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. | |||||
CVE-2017-11120 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2019-03-13 | 10.0 HIGH | 9.8 CRITICAL |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | |||||
CVE-2016-4666 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2016-7626 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile. | |||||
CVE-2016-4777 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 9.3 HIGH | 7.8 HIGH |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | |||||
CVE-2016-4772 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors. | |||||
CVE-2016-4725 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.8 MEDIUM | 8.1 HIGH |
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. | |||||
CVE-2016-4776 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.8 MEDIUM | 7.1 HIGH |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. | |||||
CVE-2016-4774 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.8 MEDIUM | 7.1 HIGH |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. | |||||
CVE-2016-4702 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 10.0 HIGH | 9.8 CRITICAL |
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2016-4708 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 4.3 MEDIUM | 6.5 MEDIUM |
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. | |||||
CVE-2016-4718 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 4.3 MEDIUM | 6.5 MEDIUM |
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. | |||||
CVE-2016-4753 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 9.3 HIGH | 7.8 HIGH |
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2016-4767 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. |