CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3403 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for … | |||
| CVE-2016-4887 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4886 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4885 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4884 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4882 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4881 | high | 8.8 | 8.8 | 9y ago | CSRF in baserCMS 3.0.10 and earlier | |||
| CVE-2016-4879 | high | 8.8 | 8.8 | 9y ago | CSRF in baserCMS 3.0.10 and earlier | |||
| CVE-2016-4878 | high | 8.8 | 8.8 | 9y ago | baserCMS Cross Site Request Forgery vulnerability | |||
| CVE-2016-4876 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspeci… | |||
| CVE-2016-10277 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Cr… | |||
| CVE-2016-9092 | high | 8.8 | 8.8 | 9y ago | The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote atta… | |||
| CVE-2016-5889 | high | 8.8 | 8.8 | 9y ago | IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website t… | |||
| CVE-2016-9251 | high | 8.8 | 8.8 | 9y ago | In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. | |||
| CVE-2016-8202 | high | 8.8 | 8.8 | 9y ago | A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate t… | |||
| CVE-2016-8593 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the … | |||
| CVE-2016-8592 | high | 8.8 | 8.8 | 9y ago | log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cach… | |||
| CVE-2016-8591 | high | 8.8 | 8.8 | 9y ago | log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id pa… | |||
| CVE-2016-8590 | high | 8.8 | 8.8 | 9y ago | log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_i… | |||
| CVE-2016-8589 | high | 8.8 | 8.8 | 9y ago | log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_i… | |||
| CVE-2016-8586 | high | 8.8 | 8.8 | 9y ago | detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in … | |||
| CVE-2016-8585 | high | 8.8 | 8.8 | 9y ago | admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezo… | |||
| CVE-2016-4313 | high | 7.8 | 8.8 | 9y ago | Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. | |||
| CVE-2016-5399 | high | 7.8 | 8.8 | 9y ago | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary co… | |||
| CVE-2016-2433 | high | 8.8 | 8.8 | 9y ago | The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | |||
| CVE-2016-0720 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||
| CVE-2016-5401 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web pag… | |||
| CVE-2016-3734 | high | 8.8 | 8.8 | 9y ago | Moodle Cross-site request forgery (CSRF) vulnerability | |||
| CVE-2016-4862 | high | 8.8 | 8.8 | 9y ago | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||
| CVE-2016-1218 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-4889 | high | 8.8 | 8.8 | 9y ago | ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. | |||
| CVE-2016-0727 | high | 7.8 | 8.8 | 9y ago | The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3… | |||
| CVE-2016-7834 | high | 8.8 | 8.8 | 9y ago | SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-E… | |||
| CVE-2016-5313 | high | 8.8 | 8.8 | 9y ago | Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||
| CVE-2016-4895 | high | 8.8 | 8.8 | 9y ago | SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. | |||
| CVE-2016-4893 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4891 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | |||
| CVE-2016-8718 | high | 8.8 | 8.8 | 9y ago | An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a … | |||
| CVE-2016-4468 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime b… | |||
| CVE-2016-6811 | high | 8.8 | 8.8 | 9y ago | Insecure Inherited Permissions in Apache Hadoop | |||
| CVE-2016-10322 | high | 8.8 | 8.8 | 9y ago | Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | |||
| CVE-2016-5072 | high | 8.8 | 8.8 | 9y ago | OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9,… | |||
| CVE-2016-5071 | high | 8.8 | 8.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | |||
| CVE-2016-5067 | high | 8.8 | 8.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | |||
| CVE-2016-4319 | high | 8.8 | 8.8 | 9y ago | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | |||
| CVE-2016-1516 | high | 8.8 | 8.8 | 9y ago | Double Free in OpenCV | |||
| CVE-2016-6100 | high | 8.8 | 8.8 | 9y ago | IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which cou… | |||
| CVE-2016-10314 | high | 8.8 | 8.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read … | |||
| CVE-2016-10313 | high | 8.8 | 8.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to condu… | |||
| CVE-2016-8917 | high | 8.8 | 8.8 | 9y ago | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit… | |||
| CVE-2016-2379 | high | 8.8 | 8.8 | 9y ago | The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain log… | |||
| CVE-2016-9456 | high | 8.8 | 8.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other pote… | |||
| CVE-2016-9455 | high | 8.8 | 8.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/a… | |||
| CVE-2016-9127 | high | 8.8 | 8.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send… | |||
| CVE-2016-8960 | high | 8.8 | 8.8 | 9y ago | IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie valu… | |||
| CVE-2016-10225 | high | 7.8 | 8.8 | 9y ago | The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | |||
| CVE-2016-10273 | high | 8.8 | 8.8 | 9y ago | Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.0… | |||
| CVE-2016-5758 | high | 8.8 | 8.8 | 9y ago | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | |||
| CVE-2016-5750 | high | 8.8 | 8.8 | 9y ago | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allow… | |||
| CVE-2016-1597 | high | 8.8 | 8.8 | 9y ago | A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | |||
| CVE-2016-4504 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generate… | |||
| CVE-2016-4929 | high | 8.8 | 8.8 | 9y ago | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | |||
| CVE-2016-4928 | high | 8.8 | 8.8 | 9y ago | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | |||
| CVE-2016-8008 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a… | |||
| CVE-2016-8714 | high | 8.8 | 8.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting i… | |||
| CVE-2016-9726 | high | 8.8 | 8.8 | 9y ago | IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne… | |||
| CVE-2016-8940 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that acc… | |||
| CVE-2016-7408 | high | 8.8 | 8.8 | 9y ago | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | |||
| CVE-2016-10206 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspe… | |||
| CVE-2016-5374 | high | 8.8 | 8.8 | 9y ago | NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e… | |||
| CVE-2016-2226 | high | 7.8 | 8.8 | 9y ago | Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | |||
| CVE-2016-9975 | high | 8.8 | 8.8 | 9y ago | IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that … | |||
| CVE-2016-9314 | high | 7.8 | 8.8 | 9y ago | Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent… | |||
| CVE-2016-7661 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr… | |||
| CVE-2016-7660 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow… | |||
| CVE-2016-7659 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows… | |||
| CVE-2016-7658 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows… | |||
| CVE-2016-7656 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7654 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7652 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7649 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7648 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7646 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7645 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7644 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7642 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7641 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7640 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7639 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7637 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7635 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7633 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial … | |||
| CVE-2016-7632 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7621 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7617 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7612 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7611 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7610 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7596 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7595 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It all… |