2016 VULNERABILITY DATABASE

 

CVE-2016-1773

Summary: The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.

Published: 3/23/2016 9:59:41 PM

 

CVSS Severity: v3 - 3.3 LOW      v2 - 2.1 LOW

 

CVE-2016-1772

Summary: The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.

Published: 3/23/2016 9:59:40 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-1771

Summary: The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.

Published: 3/23/2016 9:59:39 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 7.1 HIGH

 

CVE-2016-1770

Summary: The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.

Published: 3/23/2016 9:59:38 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-1769

Summary: QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.

Published: 3/23/2016 9:59:37 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-1768

Summary: QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.

Published: 3/23/2016 9:59:36 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-1767

Summary: QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.

Published: 3/23/2016 9:59:35 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-1766

Summary: The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

Published: 3/23/2016 9:59:34 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-1765

Summary: otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Published: 3/23/2016 9:59:33 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 4.6 MEDIUM

 

CVE-2016-1764

Summary: The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.

Published: 3/23/2016 9:59:32 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-1763

Summary: Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.

Published: 3/23/2016 9:59:31 PM

 

CVSS Severity: v3 - 3.5 LOW      v2 - 3.5 LOW

 

CVE-2016-1762

Summary: libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before 9.1, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Published: 3/23/2016 9:59:30 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1761

Summary: libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Published: 3/23/2016 9:59:29 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1759

Summary: The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: 3/23/2016 9:59:28 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1758

Summary: The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

Published: 3/23/2016 9:59:27 PM

 

CVSS Severity: v3 - 3.3 LOW      v2 - 4.3 MEDIUM

 

CVE-2016-1757

Summary: Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: 3/23/2016 9:59:26 PM

 

CVSS Severity: v3 - 7.0 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1756

Summary: The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

Published: 3/23/2016 9:59:25 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1755

Summary: The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

Published: 3/23/2016 9:59:24 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1754

Summary: The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.

Published: 3/23/2016 9:59:23 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1753

Summary: Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

Published: 3/23/2016 9:59:23 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1752

Summary: The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.

Published: 3/23/2016 9:59:22 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1751

Summary: The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.

Published: 3/23/2016 9:59:21 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1750

Summary: Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: 3/23/2016 9:59:20 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1749

Summary: IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: 3/23/2016 9:59:19 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1748

Summary: IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

Published: 3/23/2016 9:59:18 PM

 

CVSS Severity: v3 - 3.3 LOW      v2 - 4.3 MEDIUM

 

CVE-2016-1747

Summary: IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.

Published: 3/23/2016 9:59:17 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1746

Summary: IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.

Published: 3/23/2016 9:59:16 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1745

Summary: IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Published: 3/23/2016 9:59:15 PM

 

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

 

CVE-2016-1744

Summary: The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.

Published: 3/23/2016 9:59:14 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1743

Summary: The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.

Published: 3/23/2016 9:59:13 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1741

Summary: The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: 3/23/2016 9:59:12 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1740

Summary: FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.

Published: 3/23/2016 9:59:11 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

Page 3