CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2016

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1951 CVE-2016-4785 200 +Info 2016-05-30 2018-03-22
5.0
None Remote Low Not required Partial None None
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices.
1952 CVE-2016-4784 200 +Info 2016-05-30 2018-03-22
5.0
None Remote Low Not required Partial None None
A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.
1953 CVE-2016-4783 79 XSS 2016-05-23 2016-05-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
1954 CVE-2016-4782 20 2016-05-23 2016-05-25
9.3
None Remote Medium Not required Complete Complete Complete
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
1955 CVE-2016-4779 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
1956 CVE-2016-4778 264 DoS Exec Code Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
1957 CVE-2016-4777 264 DoS Exec Code 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
1958 CVE-2016-4776 125 DoS +Info 2016-09-25 2018-10-30
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
1959 CVE-2016-4775 119 DoS Overflow +Priv Mem. Corr. 2016-09-25 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
1960 CVE-2016-4774 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
1961 CVE-2016-4773 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
1962 CVE-2016-4772 399 DoS 2016-09-25 2017-07-29
5.0
None Remote Low Not required None None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
1963 CVE-2016-4771 200 Bypass +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
1964 CVE-2016-4769 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
1965 CVE-2016-4768 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
1966 CVE-2016-4767 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
1967 CVE-2016-4766 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
1968 CVE-2016-4765 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
1969 CVE-2016-4763 310 +Info 2016-09-25 2017-07-29
4.9
None Remote Medium Single system Partial Partial None
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
1970 CVE-2016-4762 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
1971 CVE-2016-4760 284 2016-09-25 2017-07-29
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
1972 CVE-2016-4759 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
1973 CVE-2016-4758 200 +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
1974 CVE-2016-4755 200 +Info 2016-09-25 2017-07-29
2.1
None Local Low Not required Partial None None
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
1975 CVE-2016-4754 310 2016-09-25 2017-07-29
5.0
None Remote Low Not required Partial None None
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
1976 CVE-2016-4753 20 Exec Code 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
1977 CVE-2016-4752 200 +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
1978 CVE-2016-4751 254 2016-09-25 2017-07-29
4.3
None Remote Medium Not required None Partial None
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.
1979 CVE-2016-4750 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
1980 CVE-2016-4749 200 +Info 2016-09-18 2017-08-12
2.1
None Local Low Not required Partial None None
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
1981 CVE-2016-4748 254 Bypass 2016-09-25 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
1982 CVE-2016-4747 200 +Info 2016-09-18 2017-08-12
4.3
None Remote Medium Not required Partial None None
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
1983 CVE-2016-4746 200 +Info 2016-09-18 2017-08-12
5.0
None Remote Low Not required Partial None None
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
1984 CVE-2016-4745 200 +Info 2016-09-25 2017-07-29
5.0
None Remote Low Not required Partial None None
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
1985 CVE-2016-4742 200 +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
1986 CVE-2016-4741 254 2016-09-18 2017-08-12
4.3
None Remote Medium Not required None None Partial
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
1987 CVE-2016-4740 200 +Info 2016-09-18 2017-08-12
1.9
None Local Medium Not required Partial None None
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
1988 CVE-2016-4739 200 +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
1989 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-06-18
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
1990 CVE-2016-4737 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
1991 CVE-2016-4736 119 DoS Overflow Mem. Corr. 2016-09-25 2017-11-13
9.3
None Remote Medium Not required Complete Complete Complete
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
1992 CVE-2016-4735 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
1993 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
1994 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
1995 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
1996 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
1997 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
1998 CVE-2016-4728 20 Exec Code 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
1999 CVE-2016-4727 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2000 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Total number of vulnerabilities : 6447   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 (This Page)41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.