The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2016-8862 | The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | MEDIUM | Feb 22, 2017 |
| CVE-2016-9049 | An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. | MEDIUM | Feb 22, 2017 |
| CVE-2016-9051 | An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability. | HIGH | Feb 22, 2017 |
| CVE-2016-9053 | An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. | HIGH | Feb 22, 2017 |
| CVE-2016-9400 | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | HIGH | Feb 22, 2017 |
| CVE-2017-2350 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2351 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the WiFi component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors. | LOW | Feb 22, 2017 |
| CVE-2017-2357 | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the IOAudioFamily component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2358 | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the Graphics Drivers component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Feb 22, 2017 |
| CVE-2017-2359 | An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the Safari component, which allows remote attackers to spoof the address bar via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2360 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | HIGH | Feb 22, 2017 |
| CVE-2017-2362 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2363 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2364 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2365 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2366 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2368 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the Contacts component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2369 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2370 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. | HIGH | Feb 22, 2017 |
| CVE-2017-2371 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the WebKit component, which allows remote attackers to launch popups via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2372 | An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the Projects component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2373 | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 22, 2017 |
| CVE-2017-2374 | An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the Projects component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. | MEDIUM | Feb 22, 2017 |
| CVE-2017-5585 | OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520. | MEDIUM | Feb 22, 2017 |
| CVE-2017-5586 | OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | HIGH | Feb 22, 2017 |
| CVE-2015-4057 | The Plug-in for VMware vCenter in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4613 | An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive information via a crafted web site. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4617 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the libxpc component. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4660 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the FontParser component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4661 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ntfs component, which misparses disk images and allows attackers to cause a denial of service via a crafted app. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4662 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the AppleGraphicsControl component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Feb 21, 2017 |
| CVE-2016-4663 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the NVIDIA Graphics Drivers component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4664 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Sandbox Profiles component, which allows attackers to read photo-directory metadata via a crafted app. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4665 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Sandbox Profiles component, which allows attackers to read audio-recording metadata via a crafted app. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4666 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4667 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ATS component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4669 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Kernel component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. | HIGH | Feb 21, 2017 |
| CVE-2016-4670 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the Security component. It allows local users to discover lengths of arbitrary passwords by reading a log. | LOW | Feb 21, 2017 |
| CVE-2016-4671 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file. | HIGH | Feb 21, 2017 |
| CVE-2016-4673 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the CoreGraphics component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4674 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ATS component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4675 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the libxpc component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | HIGH | Feb 21, 2017 |
| CVE-2016-4677 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4678 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the AppleSMC component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4679 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the libarchive component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4680 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the Kernel component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4681 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the Core Image component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4682 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4683 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file. | MEDIUM | Feb 21, 2017 |
| CVE-2016-4685 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the iTunes Backup component, which improperly hashes passwords, making it easier to decrypt files. | MEDIUM | Feb 21, 2017 |
