The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Max CVSS
5.3
EPSS Score
0.51%
Published
2016-09-06
Updated
2017-02-19
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Max CVSS
5.3
EPSS Score
0.51%
Published
2016-09-06
Updated
2017-02-19
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Max CVSS
8.8
EPSS Score
10.58%
Published
2016-07-23
Updated
2019-03-26
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
Max CVSS
7.8
EPSS Score
0.92%
Published
2016-09-25
Updated
2017-07-30
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.20%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
Max CVSS
9.3
EPSS Score
0.20%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
Max CVSS
7.1
EPSS Score
0.22%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
Max CVSS
7.1
EPSS Score
0.22%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
Max CVSS
7.1
EPSS Score
0.22%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
Max CVSS
7.5
EPSS Score
7.78%
Published
2016-09-25
Updated
2019-03-13
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
Max CVSS
5.5
EPSS Score
0.07%
Published
2016-09-25
Updated
2017-07-30
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Max CVSS
8.8
EPSS Score
0.70%
Published
2016-09-25
Updated
2017-07-30
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
Max CVSS
8.8
EPSS Score
0.51%
Published
2016-09-25
Updated
2019-03-11
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
Max CVSS
8.8
EPSS Score
0.52%
Published
2016-09-25
Updated
2019-03-13
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
Max CVSS
8.8
EPSS Score
0.47%
Published
2016-09-25
Updated
2019-03-11
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Max CVSS
8.8
EPSS Score
0.52%
Published
2016-09-25
Updated
2019-03-11
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS
6.8
EPSS Score
0.14%
Published
2016-09-25
Updated
2017-07-30
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Max CVSS
8.8
EPSS Score
0.64%
Published
2016-09-25
Updated
2017-07-30
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
Max CVSS
6.5
EPSS Score
0.52%
Published
2016-09-25
Updated
2017-07-30
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Max CVSS
8.8
EPSS Score
0.52%
Published
2016-09-25
Updated
2019-03-11
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
Max CVSS
6.5
EPSS Score
0.45%
Published
2016-09-25
Updated
2017-07-30
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-09-25
Updated
2017-07-30
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.25%
Published
2016-09-25
Updated
2017-07-30
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.23%
Published
2016-09-25
Updated
2019-03-13
333 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!