2016 NATIONAL VULNERABILITY DATABASE

 

 

CVE-2016-4598

Summary: QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

Published: 7/21/2016 10:59:21 PM

 

CVE-2016-4597

Summary: QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.

Published: 7/21/2016 10:59:20 PM

 

CVE-2016-4596

Summary: QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.

Published: 7/21/2016 10:59:19 PM

 

CVE-2016-4595

Summary: Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

Published: 7/21/2016 10:59:18 PM

 

CVE-2016-4594

Summary: The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.

Published: 7/21/2016 10:59:17 PM

 

CVE-2016-4593

Summary: The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.

Published: 7/21/2016 10:59:16 PM

 

CVE-2016-4592

Summary: WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

Published: 7/21/2016 10:59:15 PM

 

CVE-2016-4591

Summary: WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Published: 7/21/2016 10:59:14 PM

 

CVE-2016-4590

Summary: WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: 7/21/2016 10:59:13 PM

 

CVE-2016-4589

Summary: WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

Published: 7/21/2016 10:59:12 PM

 

CVE-2016-4588

Summary: WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: 7/21/2016 10:59:11 PM

 

CVE-2016-4587

Summary: WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

Published: 7/21/2016 10:59:10 PM

 

CVE-2016-4586

Summary: WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: 7/21/2016 10:59:08 PM

 

CVE-2016-4585

Summary: Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

Published: 7/21/2016 10:59:07 PM

 

CVE-2016-4584

Summary: The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: 7/21/2016 10:59:06 PM

 

CVE-2016-4583

Summary: WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

Published: 7/21/2016 10:59:05 PM

 

CVE-2016-4582

Summary: The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

Published: 7/21/2016 10:59:04 PM

 

CVE-2016-1865

Summary: The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Published: 7/21/2016 10:59:02 PM

 

CVE-2016-1863

Summary: The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

Published: 7/21/2016 10:59:01 PM

 

CVE-2014-9862

Summary: Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Published: 7/21/2016 10:59:00 PM

 

 

<<< New  Older >>>