Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216537 entries
IDDescriptionPriorityModified date
CVE-2016-4705 otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704. HIGH Sep 19, 2016
CVE-2016-4704 otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705. HIGH Sep 19, 2016
CVE-2016-4703 Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Sep 26, 2016
CVE-2016-4702 Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. HIGH Sep 27, 2016
CVE-2016-4701 Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. LOW Sep 26, 2016
CVE-2016-4700 AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. HIGH Sep 26, 2016
CVE-2016-4699 AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. HIGH Sep 26, 2016
CVE-2016-4698 AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. HIGH Sep 27, 2016
CVE-2016-4697 Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Sep 26, 2016
CVE-2016-4696 AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. HIGH Sep 26, 2016
CVE-2016-4695 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-4694 The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue, a related issue to CVE-2016-5387. HIGH Sep 26, 2016
CVE-2016-4693 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the Security component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. MEDIUM Feb 21, 2017
CVE-2016-4692 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017
CVE-2016-4691 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. MEDIUM Feb 21, 2017
CVE-2016-4690 An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the Image Capture component, which allows attackers to execute arbitrary code via a crafted USB HID device. MEDIUM Feb 21, 2017
CVE-2016-4689 An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the Mail component, which does not alert the user to an S/MIME email signature that used a revoked certificate. MEDIUM Feb 21, 2017
CVE-2016-4688 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font. MEDIUM Feb 21, 2017
CVE-2016-4687 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-4686 An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the Contacts component, which does not prevent an app's Address Book access after access revocation. LOW Feb 21, 2017
CVE-2016-4685 An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the iTunes Backup component, which improperly hashes passwords, making it easier to decrypt files. MEDIUM Feb 21, 2017
CVE-2016-4684 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-4683 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file. MEDIUM Feb 21, 2017
CVE-2016-4682 An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. MEDIUM Feb 21, 2017
CVE-2016-4681 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the Core Image component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. MEDIUM Feb 21, 2017
CVE-2016-4680 An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Kernel component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. MEDIUM Feb 21, 2017
CVE-2016-4679 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the libarchive component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. MEDIUM Feb 21, 2017
CVE-2016-4678 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the AppleSMC component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. MEDIUM Feb 21, 2017
CVE-2016-4677 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017
CVE-2016-4676 A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. MEDIUM Feb 5, 2020
CVE-2016-4675 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the libxpc component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. HIGH Feb 21, 2017
CVE-2016-4674 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ATS component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. MEDIUM Feb 21, 2017
CVE-2016-4673 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the CoreGraphics component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. MEDIUM Feb 21, 2017
CVE-2016-4672 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-4671 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file. HIGH Feb 21, 2017
CVE-2016-4670 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the Security component. It allows local users to discover lengths of arbitrary passwords by reading a log. LOW Feb 21, 2017
CVE-2016-4669 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Kernel component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. HIGH Feb 21, 2017
CVE-2016-4668 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-4667 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ATS component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. MEDIUM Feb 21, 2017
CVE-2016-4666 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017
CVE-2016-4665 An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Sandbox Profiles component, which allows attackers to read audio-recording metadata via a crafted app. MEDIUM Feb 21, 2017
CVE-2016-4664 An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Sandbox Profiles component, which allows attackers to read photo-directory metadata via a crafted app. MEDIUM Feb 21, 2017
CVE-2016-4663 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the NVIDIA Graphics Drivers component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. MEDIUM Feb 21, 2017
CVE-2016-4662 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the AppleGraphicsControl component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Feb 21, 2017
CVE-2016-4661 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ntfs component, which misparses disk images and allows attackers to cause a denial of service via a crafted app. MEDIUM Feb 21, 2017
CVE-2016-4660 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the FontParser component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. MEDIUM Feb 21, 2017
CVE-2016-4659 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-4658 libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. HIGH Sep 26, 2016
CVE-2016-4657 WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. MEDIUM Aug 26, 2016
CVE-2016-4656 The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Aug 26, 2016
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online