Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release
CVE-2016-7605 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the Bluetooth component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. MEDIUM Feb 21, 2017 n/a
CVE-2016-7604 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the CoreCapture component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. MEDIUM Feb 21, 2017 n/a
CVE-2016-7603 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the CoreStorage component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. MEDIUM Feb 21, 2017 n/a
CVE-2016-7602 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Feb 21, 2017 n/a
CVE-2016-7601 An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the Local Authentication component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible. MEDIUM Feb 21, 2017 n/a
CVE-2016-7600 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the OpenPAM component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. LOW Feb 21, 2017 n/a
CVE-2016-7599 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. MEDIUM Feb 21, 2017 n/a
CVE-2016-7598 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7597 An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the SpringBoard component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri. LOW Feb 21, 2017 n/a
CVE-2016-7596 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the Bluetooth component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Feb 21, 2017 n/a
CVE-2016-7595 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the CoreText component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. MEDIUM Feb 21, 2017 n/a
CVE-2016-7594 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ICU component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7592 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7591 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the IOHIDFamily component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. HIGH Feb 21, 2017 n/a
CVE-2016-7589 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7588 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the CoreMedia Playback component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file. MEDIUM Feb 21, 2017 n/a
CVE-2016-7587 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7586 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive information via a crafted web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7585 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the EFI component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. LOW Apr 6, 2017 n/a
CVE-2016-7584 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the AppleMobileFileIntegrity component, which allows remote attackers to spoof signed code by using a matching team ID. MEDIUM Feb 21, 2017 n/a
CVE-2016-7583 An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the iCloud component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. MEDIUM Feb 21, 2017 n/a
CVE-2016-7582 An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Feb 21, 2017 n/a
CVE-2016-7581 An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the Safari component, which allows remote web servers to cause a denial of service via a crafted URL. MEDIUM Feb 21, 2017 n/a
CVE-2016-7580 An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the Mail component, which allows remote web servers to cause a denial of service via a crafted URL. MEDIUM Feb 21, 2017 n/a
CVE-2016-7579 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the CFNetwork Proxies component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. MEDIUM Feb 21, 2017 n/a
CVE-2016-7578 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017 n/a
CVE-2016-7577 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the FaceTime component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended. MEDIUM Feb 21, 2017 n/a
CVE-2016-7576 In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. HIGH Jan 11, 2019 n/a
CVE-2016-7569 Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. MEDIUM Feb 5, 2017 n/a
CVE-2016-7567 Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. HIGH Jan 25, 2017 n/a
CVE-2016-7565 install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. HIGH Feb 16, 2017 n/a
CVE-2016-7564 Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. MEDIUM Jan 20, 2017 n/a
CVE-2016-7563 The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. MEDIUM Jan 20, 2017 n/a
CVE-2016-7562 The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. MEDIUM Dec 23, 2016 n/a
CVE-2016-7555 The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted strh structure. MEDIUM Dec 23, 2016 n/a
CVE-2016-7553 The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file. LOW Feb 28, 2017 n/a
CVE-2016-7552 On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. HIGH Apr 17, 2017 n/a
CVE-2016-7551 chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). MEDIUM Apr 24, 2017 n/a
CVE-2016-7550 asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). MEDIUM May 24, 2019 n/a
CVE-2016-7547 A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. HIGH Apr 17, 2017 n/a
CVE-2016-7545 SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. HIGH Jan 20, 2017 n/a
CVE-2016-7544 Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed. MEDIUM Feb 7, 2017 n/a
CVE-2016-7543 Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. HIGH Jan 20, 2017 n/a
CVE-2016-7542 A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. MEDIUM Apr 4, 2017 n/a
CVE-2016-7541 Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. MEDIUM Apr 4, 2017 n/a
CVE-2016-7540 coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. MEDIUM Apr 20, 2017 n/a
CVE-2016-7539 Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. HIGH Jul 25, 2017 n/a
CVE-2016-7538 coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. MEDIUM Apr 21, 2017 n/a
CVE-2016-7537 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. MEDIUM Apr 20, 2017 n/a
CVE-2016-7536 magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. MEDIUM Apr 20, 2017 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.