The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2016-7605 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the Bluetooth component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7604 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the CoreCapture component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7603 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the CoreStorage component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7602 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Feb 21, 2017 | n/a |
| CVE-2016-7601 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the Local Authentication component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7600 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the OpenPAM component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. | LOW | Feb 21, 2017 | n/a |
| CVE-2016-7599 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7598 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7597 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the SpringBoard component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri. | LOW | Feb 21, 2017 | n/a |
| CVE-2016-7596 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the Bluetooth component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Feb 21, 2017 | n/a |
| CVE-2016-7595 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the CoreText component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7594 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ICU component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7592 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7591 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the IOHIDFamily component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | HIGH | Feb 21, 2017 | n/a |
| CVE-2016-7589 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7588 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the CoreMedia Playback component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7587 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7586 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive information via a crafted web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7585 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the EFI component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. | LOW | Apr 6, 2017 | n/a |
| CVE-2016-7584 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the AppleMobileFileIntegrity component, which allows remote attackers to spoof signed code by using a matching team ID. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7583 | An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the iCloud component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7582 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Feb 21, 2017 | n/a |
| CVE-2016-7581 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the Safari component, which allows remote web servers to cause a denial of service via a crafted URL. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7580 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the Mail component, which allows remote web servers to cause a denial of service via a crafted URL. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7579 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the CFNetwork Proxies component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7578 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7577 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the FaceTime component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended. | MEDIUM | Feb 21, 2017 | n/a |
| CVE-2016-7576 | In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. | HIGH | Jan 11, 2019 | n/a |
| CVE-2016-7569 | Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | MEDIUM | Feb 5, 2017 | n/a |
| CVE-2016-7567 | Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | HIGH | Jan 25, 2017 | n/a |
| CVE-2016-7565 | install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | HIGH | Feb 16, 2017 | n/a |
| CVE-2016-7564 | Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | MEDIUM | Jan 20, 2017 | n/a |
| CVE-2016-7563 | The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | MEDIUM | Jan 20, 2017 | n/a |
| CVE-2016-7562 | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | MEDIUM | Dec 23, 2016 | n/a |
| CVE-2016-7555 | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted strh structure. | MEDIUM | Dec 23, 2016 | n/a |
| CVE-2016-7553 | The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file. | LOW | Feb 28, 2017 | n/a |
| CVE-2016-7552 | On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | HIGH | Apr 17, 2017 | n/a |
| CVE-2016-7551 | chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | MEDIUM | Apr 24, 2017 | n/a |
| CVE-2016-7550 | asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). | MEDIUM | May 24, 2019 | n/a |
| CVE-2016-7547 | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | HIGH | Apr 17, 2017 | n/a |
| CVE-2016-7545 | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | HIGH | Jan 20, 2017 | n/a |
| CVE-2016-7544 | Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed. | MEDIUM | Feb 7, 2017 | n/a |
| CVE-2016-7543 | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | HIGH | Jan 20, 2017 | n/a |
| CVE-2016-7542 | A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | MEDIUM | Apr 4, 2017 | n/a |
| CVE-2016-7541 | Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. | MEDIUM | Apr 4, 2017 | n/a |
| CVE-2016-7540 | coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-7539 | Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | HIGH | Jul 25, 2017 | n/a |
| CVE-2016-7538 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | MEDIUM | Apr 21, 2017 | n/a |
| CVE-2016-7537 | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-7536 | magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | MEDIUM | Apr 20, 2017 | n/a |
