Total
1629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5844 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 9.3 HIGH | N/A |
| IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. | |||||
| CVE-2015-5834 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 4.3 MEDIUM | N/A |
| IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2015-5523 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Watchos and 3 more | 2016-12-08 | 4.3 MEDIUM | N/A |
| The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | |||||
| CVE-2015-5522 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Watchos and 3 more | 2016-12-08 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | |||||
| CVE-2013-3951 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-08 | 4.6 MEDIUM | N/A |
| sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | |||||
| CVE-2015-7113 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-07 | 10.0 HIGH | N/A |
| The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. | |||||
| CVE-2016-1788 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-03 | 2.6 LOW | 5.9 MEDIUM |
| Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | |||||
| CVE-2016-1761 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||