Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4778 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4777 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | |||||
| CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-4713 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||||
| CVE-2016-4686 | 1 Apple | 1 Iphone Os | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation. | |||||
| CVE-2016-4675 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-4654 | 1 Apple | 1 Iphone Os | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
| CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
| CVE-2016-4638 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | |||||
| CVE-2016-4633 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4617 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | |||||
| CVE-2016-4573 | 1 Fortinet | 22 Fortiswitch, Fsw-1024d, Fsw-1048d and 19 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. | |||||
| CVE-2016-4565 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. | |||||
| CVE-2016-4534 | 2 Mcafee, Microsoft | 2 Virusscan Enterprise, Windows | 2024-11-21 | 3.0 LOW | 3.0 LOW |
| The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. | |||||
| CVE-2016-4505 | 1 Resourcedm | 1 Intuitive 650 Tdb Controller | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | |||||
| CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |||||
| CVE-2016-4471 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | |||||
| CVE-2016-4455 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | |||||
| CVE-2016-4440 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | |||||
| CVE-2016-4435 | 1 Pivotal | 1 Bosh Stemcell | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
| An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID. | |||||