The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-4705 | otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704. | HIGH | Sep 19, 2016 |
CVE-2016-4704 | otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705. | HIGH | Sep 19, 2016 |
CVE-2016-4703 | Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Sep 26, 2016 |
CVE-2016-4702 | Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | HIGH | Sep 27, 2016 |
CVE-2016-4701 | Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | LOW | Sep 26, 2016 |
CVE-2016-4700 | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. | HIGH | Sep 26, 2016 |
CVE-2016-4699 | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. | HIGH | Sep 26, 2016 |
CVE-2016-4698 | AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | HIGH | Sep 27, 2016 |
CVE-2016-4697 | Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Sep 26, 2016 |
CVE-2016-4696 | AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | HIGH | Sep 26, 2016 |
CVE-2016-4695 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-4694 | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue, a related issue to CVE-2016-5387. | HIGH | Sep 26, 2016 |
CVE-2016-4693 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the Security component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. | MEDIUM | Feb 21, 2017 |
CVE-2016-4692 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 |
CVE-2016-4691 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 |
CVE-2016-4690 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the Image Capture component, which allows attackers to execute arbitrary code via a crafted USB HID device. | MEDIUM | Feb 21, 2017 |
CVE-2016-4689 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the Mail component, which does not alert the user to an S/MIME email signature that used a revoked certificate. | MEDIUM | Feb 21, 2017 |
CVE-2016-4688 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 |
CVE-2016-4687 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-4686 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the Contacts component, which does not prevent an app's Address Book access after access revocation. | LOW | Feb 21, 2017 |
CVE-2016-4685 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the iTunes Backup component, which improperly hashes passwords, making it easier to decrypt files. | MEDIUM | Feb 21, 2017 |
CVE-2016-4684 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-4683 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file. | MEDIUM | Feb 21, 2017 |
CVE-2016-4682 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. | MEDIUM | Feb 21, 2017 |
CVE-2016-4681 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the Core Image component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | MEDIUM | Feb 21, 2017 |
CVE-2016-4680 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Kernel component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | MEDIUM | Feb 21, 2017 |
CVE-2016-4679 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the libarchive component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. | MEDIUM | Feb 21, 2017 |
CVE-2016-4678 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the AppleSMC component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | MEDIUM | Feb 21, 2017 |
CVE-2016-4677 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 |
CVE-2016-4676 | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | MEDIUM | Feb 5, 2020 |
CVE-2016-4675 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the libxpc component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | HIGH | Feb 21, 2017 |
CVE-2016-4674 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ATS component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. | MEDIUM | Feb 21, 2017 |
CVE-2016-4673 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the CoreGraphics component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | MEDIUM | Feb 21, 2017 |
CVE-2016-4672 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-4671 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file. | HIGH | Feb 21, 2017 |
CVE-2016-4670 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the Security component. It allows local users to discover lengths of arbitrary passwords by reading a log. | LOW | Feb 21, 2017 |
CVE-2016-4669 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Kernel component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. | HIGH | Feb 21, 2017 |
CVE-2016-4668 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-4667 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ATS component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 |
CVE-2016-4666 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 |
CVE-2016-4665 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Sandbox Profiles component, which allows attackers to read audio-recording metadata via a crafted app. | MEDIUM | Feb 21, 2017 |
CVE-2016-4664 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Sandbox Profiles component, which allows attackers to read photo-directory metadata via a crafted app. | MEDIUM | Feb 21, 2017 |
CVE-2016-4663 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the NVIDIA Graphics Drivers component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. | MEDIUM | Feb 21, 2017 |
CVE-2016-4662 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the AppleGraphicsControl component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Feb 21, 2017 |
CVE-2016-4661 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ntfs component, which misparses disk images and allows attackers to cause a denial of service via a crafted app. | MEDIUM | Feb 21, 2017 |
CVE-2016-4660 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the FontParser component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 |
CVE-2016-4659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-4658 | libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | HIGH | Sep 26, 2016 |
CVE-2016-4657 | WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | MEDIUM | Aug 26, 2016 |
CVE-2016-4656 | The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Aug 26, 2016 |