Skip to main content
CVE-2016-1839 MEDIUM POC PATCH THREAT This Month

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Denial Of Service Information Disclosure Apple Buffer Overflow Iphone Os +13
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
10.8%
CVE-2016-1838 MEDIUM POC PATCH THREAT This Month

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

Denial Of Service Information Disclosure Apple Buffer Overflow Ubuntu Linux +13
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
10.7%
CVE-2016-1833 MEDIUM POC PATCH This Month

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Apple Buffer Overflow Iphone Os +13
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2016-1837 MEDIUM POC PATCH This Month

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Apple Denial Of Service Use After Free Ubuntu Linux +13
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-1807 MEDIUM POC This Month

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Apple Information Disclosure Mac Os X Watchos +2
NVD Exploit-DB
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-1858 MEDIUM This Month

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Iphone Os Tvos +1
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-4439 MEDIUM PATCH This Month

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Qemu +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2016-1811 MEDIUM This Month

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Null Pointer Dereference Watchos Tvos +2
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-4441 MEDIUM PATCH This Month

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-1836 MEDIUM PATCH This Month

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Apple Denial Of Service Use After Free Ubuntu Linux +13
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2016-1802 MEDIUM This Month

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-1814 MEDIUM This Month

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Null Pointer Dereference Mac Os X Iphone Os +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-1844 MEDIUM This Month

The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2016-3739 MEDIUM This Month

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Curl
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2016-2100 MEDIUM This Month

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Foreman
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1851 MEDIUM This Month

The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy