Search Results (13968 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1790 1 Apple 1 Iphone Os 2025-04-12 N/A
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-1788 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
CVE-2016-1791 1 Apple 1 Mac Os X 2025-04-12 N/A
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-1792 1 Apple 1 Mac Os X 2025-04-12 N/A
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1812 1 Apple 1 Mac Os X 2025-04-12 N/A
Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1818 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
CVE-2016-1848 1 Apple 1 Mac Os X 2025-04-12 N/A
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
CVE-2016-1850 1 Apple 1 Mac Os X 2025-04-12 N/A
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
CVE-2016-1851 1 Apple 1 Mac Os X 2025-04-12 N/A
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
CVE-2016-1853 1 Apple 1 Mac Os X 2025-04-12 N/A
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
CVE-2016-1862 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
CVE-2014-3707 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 N/A
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
CVE-2015-1076 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
CVE-2015-3731 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2015-5914 1 Apple 1 Mac Os X 2025-04-12 N/A
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
CVE-2016-3685 3 Apple, Microsoft, Sap 3 Macos, Windows, Download Manager 2025-04-12 N/A
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.
CVE-2016-4147 8 Adobe, Apple, Google and 5 more 17 Flash Player, Flash Player Desktop Runtime, Macos and 14 more 2025-04-12 8.8 High
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-4225 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.
CVE-2016-4283 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
CVE-2016-4596 1 Apple 1 Mac Os X 2025-04-12 N/A
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.