Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5770 | 7.5 |
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
|
20-07-2022 - 16:54 | 07-08-2016 - 10:59 | |
CVE-2016-5771 | 7.5 |
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
|
20-07-2022 - 16:52 | 07-08-2016 - 10:59 | |
CVE-2016-5772 | 7.5 |
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
|
20-07-2022 - 16:49 | 07-08-2016 - 10:59 | |
CVE-2016-6174 | 6.8 |
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execut
|
03-06-2020 - 14:54 | 12-07-2016 - 19:59 | |
CVE-2016-4738 | 9.3 |
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
18-06-2019 - 20:15 | 25-09-2016 - 10:59 | |
CVE-2016-5131 | 6.8 |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
|
26-03-2019 - 17:14 | 23-07-2016 - 19:59 | |
CVE-2016-4777 | 9.3 |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
|
13-03-2019 - 15:11 | 25-09-2016 - 11:00 | |
CVE-2016-4772 | 5.0 |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
|
13-03-2019 - 15:10 | 25-09-2016 - 11:00 | |
CVE-2016-4725 | 5.8 |
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
|
13-03-2019 - 15:06 | 25-09-2016 - 10:59 | |
CVE-2016-4776 | 5.8 |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
|
13-03-2019 - 15:05 | 25-09-2016 - 11:00 | |
CVE-2016-4775 | 7.2 |
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
|
13-03-2019 - 15:04 | 25-09-2016 - 11:00 | |
CVE-2016-4774 | 5.8 |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
|
13-03-2019 - 14:58 | 25-09-2016 - 11:00 | |
CVE-2016-4702 | 10.0 |
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
13-03-2019 - 14:34 | 25-09-2016 - 10:59 | |
CVE-2016-4708 | 4.3 |
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
|
13-03-2019 - 14:31 | 25-09-2016 - 10:59 | |
CVE-2016-4718 | 4.3 |
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
|
13-03-2019 - 14:24 | 25-09-2016 - 10:59 | |
CVE-2016-4753 | 9.3 |
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
13-03-2019 - 14:14 | 25-09-2016 - 10:59 | |
CVE-2016-4658 | 10.0 |
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co
|
13-03-2019 - 14:05 | 25-09-2016 - 10:59 | |
CVE-2016-4773 | 5.8 |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability t
|
13-03-2019 - 14:00 | 25-09-2016 - 11:00 | |
CVE-2016-4778 | 9.3 |
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
13-03-2019 - 13:57 | 25-09-2016 - 11:00 | |
CVE-2016-4712 | 9.3 |
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
|
13-03-2019 - 13:39 | 25-09-2016 - 10:59 | |
CVE-2016-4726 | 9.3 |
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
09-03-2019 - 00:45 | 25-09-2016 - 10:59 | |
CVE-2016-0755 | 5.0 |
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
|
17-10-2018 - 01:29 | 29-01-2016 - 20:59 | |
CVE-2016-6290 | 7.5 |
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified o
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6291 | 7.5 |
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive in
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6297 | 6.8 |
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspeci
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6288 | 7.5 |
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-5773 | 7.5 |
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2016-5768 | 7.5 |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2016-6294 | 7.5 |
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6289 | 6.8 |
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecifie
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6296 | 7.5 |
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6295 | 7.5 |
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and applicatio
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6292 | 4.3 |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-4736 | 9.3 |
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
|
14-11-2017 - 02:29 | 25-09-2016 - 10:59 | |
CVE-2016-4752 | 4.3 |
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4701 | 2.1 |
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4745 | 5.0 |
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4715 | 4.3 |
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4706 | 4.9 |
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4742 | 4.3 |
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4713 | 4.3 |
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4779 | 6.8 |
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
|
30-07-2017 - 01:29 | 25-09-2016 - 11:00 | |
CVE-2016-4771 | 4.3 |
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
|
30-07-2017 - 01:29 | 25-09-2016 - 11:00 | |
CVE-2016-4717 | 5.0 |
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4710 | 7.2 |
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4700 | 9.3 |
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4750 | 9.3 |
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4723 | 9.3 |
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4696 | 9.3 |
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4739 | 4.3 |
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4699 | 9.3 |
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4697 | 9.3 |
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4755 | 2.1 |
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4722 | 7.1 |
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4711 | 5.0 |
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4707 | 2.1 |
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4724 | 9.3 |
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4716 | 7.2 |
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4709 | 7.2 |
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4703 | 9.3 |
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4694 | 7.5 |
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which migh
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4748 | 4.6 |
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4727 | 9.3 |
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4698 | 9.3 |
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
30-07-2017 - 01:29 | 25-09-2016 - 10:59 | |
CVE-2016-4682 | 5.8 |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (
|
29-07-2017 - 01:34 | 20-02-2017 - 08:59 | |
CVE-2016-4617 | 4.6 |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component.
|
24-03-2017 - 01:59 | 20-02-2017 - 08:59 | |
CVE-2016-7582 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory co
|
21-02-2017 - 22:57 | 20-02-2017 - 08:59 | |
CVE-2016-7580 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
|
21-02-2017 - 19:17 | 20-02-2017 - 08:59 | |
CVE-2016-5769 | 7.5 |
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have uns
|
28-11-2016 - 20:29 | 07-08-2016 - 10:59 |