CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4647 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-26
7.2
None Local Low Not required Complete Complete Complete
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
2 CVE-2016-4600 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
3 CVE-2016-4599 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
4 CVE-2016-4598 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
5 CVE-2016-4597 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
6 CVE-2016-4596 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
7 CVE-2016-4589 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
8 CVE-2016-4588 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
9 CVE-2016-4587 119 Overflow +Info 2016-07-21 2016-07-26
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.
10 CVE-2016-4586 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
11 CVE-2016-4584 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
12 CVE-2016-4582 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
13 CVE-2016-4073 119 DoS Exec Code Overflow 2016-05-20 2016-05-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.
14 CVE-2016-3142 119 DoS Overflow +Info 2016-03-31 2016-05-25
6.4
None Remote Low Not required Partial None Partial
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
15 CVE-2016-3141 119 DoS Overflow Mem. Corr. 2016-03-31 2016-05-25
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
16 CVE-2016-1863 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
17 CVE-2016-1861 119 DoS Exec Code Overflow Mem. Corr. 2016-06-19 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
18 CVE-2016-1859 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-15
6.8
None Remote Medium Not required Partial Partial Partial
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
19 CVE-2016-1857 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.
20 CVE-2016-1856 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.
21 CVE-2016-1855 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
22 CVE-2016-1854 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
23 CVE-2016-1850 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
24 CVE-2016-1848 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
25 CVE-2016-1847 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
26 CVE-2016-1846 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
27 CVE-2016-1841 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
6.8
None Remote Medium Not required Partial Partial Partial
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
28 CVE-2016-1840 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839.
29 CVE-2016-1839 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840.
30 CVE-2016-1838 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840.
31 CVE-2016-1837 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.
32 CVE-2016-1836 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-22
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.
33 CVE-2016-1835 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
34 CVE-2016-1834 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.
35 CVE-2016-1833 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-13
6.8
None Remote Medium Not required Partial Partial Partial
libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.
36 CVE-2016-1832 119 DoS Overflow +Priv Mem. Corr. 2016-05-20 2016-05-24
4.6
None Local Low Not required Partial Partial Partial
libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
37 CVE-2016-1831 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
38 CVE-2016-1830 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
8.5
None Remote Medium Single system Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.
39 CVE-2016-1829 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
40 CVE-2016-1828 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
41 CVE-2016-1827 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
42 CVE-2016-1826 Exec Code Overflow 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
43 CVE-2016-1825 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
44 CVE-2016-1824 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
45 CVE-2016-1823 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
46 CVE-2016-1822 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
47 CVE-2016-1820 119 Exec Code Overflow 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
48 CVE-2016-1819 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
49 CVE-2016-1818 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
50 CVE-2016-1817 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
Total number of vulnerabilities : 1238   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.