CVEdetails.com the ultimate security vulnerability data source

Apple : Security Vulnerabilities (Overflow)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
2 CVE-2016-1775 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
3 CVE-2016-1769 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
4 CVE-2016-1768 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
5 CVE-2016-1767 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
6 CVE-2016-1765 119 DoS Overflow +Priv Mem. Corr. 2016-03-23 2016-03-25
4.6
None Local Low Not required Partial Partial Partial
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
7 CVE-2016-1762 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before 9.1, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
8 CVE-2016-1761 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
9 CVE-2016-1759 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-28
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
10 CVE-2016-1758 119 DoS Overflow +Info 2016-03-23 2016-03-25
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
11 CVE-2016-1755 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
12 CVE-2016-1754 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
13 CVE-2016-1753 189 Exec Code Overflow 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
14 CVE-2016-1749 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-28
9.3
None Remote Medium Not required Complete Complete Complete
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
15 CVE-2016-1744 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.
16 CVE-2016-1743 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
17 CVE-2016-1741 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
10.0
None Remote Low Not required Complete Complete Complete
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
18 CVE-2016-1740 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-28
9.3
None Remote Medium Not required Complete Complete Complete
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
19 CVE-2016-1737 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
20 CVE-2016-1736 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
21 CVE-2016-1735 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
22 CVE-2016-1734 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
7.2
None Local Low Not required Complete Complete Complete
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
23 CVE-2016-1732 119 DoS Overflow +Info 2016-03-23 2016-03-28
2.1
None Local Low Not required Partial None None
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
24 CVE-2016-1727 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2016-03-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
25 CVE-2016-1726 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2016-03-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
26 CVE-2016-1725 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2016-03-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
27 CVE-2016-1724 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2016-03-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
28 CVE-2016-1723 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2016-03-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
29 CVE-2016-1722 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-03-29
7.2
None Local Low Not required Complete Complete Complete
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
30 CVE-2016-1721 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-03-29
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
31 CVE-2016-1720 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-03-29
7.2
None Local Low Not required Complete Complete Complete
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
32 CVE-2016-1719 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-03-29
7.2
None Local Low Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
33 CVE-2016-1718 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-02-08
6.9
None Local Medium Not required Complete Complete Complete
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
34 CVE-2016-1717 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-03-29
7.2
None Local Low Not required Complete Complete Complete
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
35 CVE-2016-1716 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-02-08
7.2
None Local Low Not required Complete Complete Complete
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
36 CVE-2016-0778 119 DoS Overflow 2016-01-14 2016-04-11
6.5
None Remote Low Single system Partial Partial Partial
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
37 CVE-2015-8659 119 Overflow 2016-01-12 2016-04-01
10.0
None Remote Low Not required Complete Complete Complete
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
38 CVE-2015-8472 119 DoS Overflow 2016-01-21 2016-03-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
39 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2016-04-01
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
40 CVE-2015-8126 119 DoS Overflow 2015-11-12 2016-03-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
41 CVE-2015-7942 119 DoS Overflow 2015-11-18 2016-04-12
6.8
None Remote Medium Not required Partial Partial Partial
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
42 CVE-2015-7500 119 DoS Overflow 2015-12-15 2016-04-12
5.0
None Remote Low Not required None None Partial
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
43 CVE-2015-7499 119 Overflow +Info 2015-12-15 2016-04-12
5.0
None Remote Low Not required Partial None None
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
44 CVE-2015-7117 119 DoS Exec Code Overflow Mem. Corr. 2016-01-08 2016-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092.
45 CVE-2015-7116 119 DoS Overflow Mem. Corr. +Info 2016-01-09 2016-01-11
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.
46 CVE-2015-7115 119 DoS Overflow Mem. Corr. +Info 2016-01-09 2016-01-11
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
47 CVE-2015-7113 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
10.0
Admin Remote Low Not required Complete Complete Complete
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
48 CVE-2015-7112 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
49 CVE-2015-7111 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
50 CVE-2015-7110 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2015-12-11
6.9
None Local Medium Not required Complete Complete Complete
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
Total number of vulnerabilities: 1175 (page 1 of 24)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.