CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4401 CVE-2016-1805 284 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4402 CVE-2016-1804 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4403 CVE-2016-1803 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4404 CVE-2016-1800 20 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
4405 CVE-2016-1799 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4406 CVE-2016-1797 284 Exec Code Bypass 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
4407 CVE-2016-1795 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4408 CVE-2016-1794 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4409 CVE-2016-1793 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4410 CVE-2016-1792 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4411 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
4412 CVE-2016-1778 399 DoS Exec Code Mem. Corr. 2016-03-23 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
4413 CVE-2016-1775 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
4414 CVE-2016-1762 119 DoS Overflow 2016-03-23 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
4415 CVE-2016-1761 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
4416 CVE-2016-1759 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4417 CVE-2016-1757 362 Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4418 CVE-2016-1756 DoS Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4419 CVE-2016-1755 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
4420 CVE-2016-1754 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
4421 CVE-2016-1753 189 Exec Code Overflow 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
4422 CVE-2016-1752 20 DoS 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
4423 CVE-2016-1751 264 Exec Code Bypass 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
4424 CVE-2016-1750 Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4425 CVE-2016-1749 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4426 CVE-2016-1747 20 DoS Exec Code Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
4427 CVE-2016-1746 20 DoS Exec Code Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.
4428 CVE-2016-1744 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.
4429 CVE-2016-1743 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
4430 CVE-2016-1741 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
10.0
None Remote Low Not required Complete Complete Complete
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4431 CVE-2016-1740 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
4432 CVE-2016-1736 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
4433 CVE-2016-1735 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
4434 CVE-2016-1733 20 DoS Exec Code Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4435 CVE-2016-1727 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
4436 CVE-2016-1726 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
4437 CVE-2016-1725 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
4438 CVE-2016-1724 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
4439 CVE-2016-1723 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
4440 CVE-2016-1706 20 Bypass 2016-07-23 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
4441 CVE-2016-1669 119 DoS Overflow 2016-05-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
4442 CVE-2016-1662 DoS 2016-05-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
4443 CVE-2016-1659 DoS 2016-04-18 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
4444 CVE-2016-1653 119 DoS Overflow 2016-04-18 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
4445 CVE-2016-1650 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
4446 CVE-2016-1649 119 DoS Overflow 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
4447 CVE-2016-1648 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
4448 CVE-2016-1647 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4449 CVE-2016-1646 119 DoS Overflow 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
4450 CVE-2016-1645 119 DoS Overflow 2016-03-13 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.