The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
Max CVSS
10.0
EPSS Score
2.13%
Published
2016-01-12
Updated
2019-03-08
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
Max CVSS
9.8
EPSS Score
6.30%
Published
2016-02-07
Updated
2019-03-08
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
Max CVSS
8.8
EPSS Score
1.74%
Published
2016-02-07
Updated
2019-03-08
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
Max CVSS
7.2
EPSS Score
0.20%
Published
2016-03-24
Updated
2016-12-03
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
Max CVSS
9.3
EPSS Score
1.40%
Published
2016-03-24
Updated
2019-03-25
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
Max CVSS
4.3
EPSS Score
0.14%
Published
2016-03-24
Updated
2019-03-25
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.20%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
Max CVSS
7.8
EPSS Score
0.22%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
Max CVSS
7.1
EPSS Score
0.19%
Published
2016-03-24
Updated
2019-03-25
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.22%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
Max CVSS
9.3
EPSS Score
0.22%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
Max CVSS
9.3
EPSS Score
0.25%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS
9.3
EPSS Score
0.22%
Published
2016-03-24
Updated
2016-12-03
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.35%
Published
2016-03-24
Updated
2016-12-03
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
Max CVSS
4.3
EPSS Score
0.13%
Published
2016-03-24
Updated
2016-12-03
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.
Max CVSS
6.2
EPSS Score
0.09%
Published
2016-03-29
Updated
2016-12-03
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Max CVSS
10.0
EPSS Score
4.95%
Published
2016-03-24
Updated
2016-12-03
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Max CVSS
8.1
EPSS Score
0.78%
Published
2016-03-24
Updated
2019-03-26
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
Max CVSS
3.5
EPSS Score
0.11%
Published
2016-03-24
Updated
2016-12-03
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.61%
Published
2016-03-24
Updated
2016-12-03
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!