CVE Daily
← All tags

Tag: Apple iOS

All CVEs associated with "Apple iOS". Page 35/48 • 5688 CVEs.

Subscribe CVEs: RSS for “Apple iOS”  ·  RSS (High+Critical only)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-02-20
High

CVE-2017-2354

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-2352

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to by…

CVSS: 4.6 CWE: N/A View on NVD
Low

CVE-2017-2351

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock pr…

CVSS: 2.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2017-2350

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2016-7765

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive informati…

CVSS: 2.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7762

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2016-7759

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive informati…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2016-7714

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7667

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a de…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2016-7665

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a cr…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2016-7664

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo…

CVSS: 2.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2016-7663

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component.…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7662

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which…

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2016-7661

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-7660

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-7659

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7658

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2016-7657

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows…

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-7656

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7655

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users…

CVSS: 7.8 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
High

CVE-2016-7654

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2016-7653

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo…

CVSS: 2.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7652

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7651

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass inten…

CVSS: 5.3 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2016-7650

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to co…

CVSS: 4.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2016-7649

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7648

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7646

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7645

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7644

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-7643

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allo…

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2016-7642

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7641

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7640

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7639

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7638

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this componen…

CVSS: 4.6 CWE: CWE-254 View on NVD
High

CVE-2016-7637

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7636

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-7635

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7634

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are loca…

CVSS: 4.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7632

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2016-7630

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspec…

CVSS: 9.8 CWE: CWE-254 View on NVD
Medium

CVE-2016-7627

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2016-7626

An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7623

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensi…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7621

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2016-7619

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, whic…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2016-7616

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7615

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which al…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2016-7613

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-7612

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7611

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7610

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7607

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which al…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7606

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7601

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval…

CVSS: 6.8 CWE: CWE-254 View on NVD
Medium

CVE-2016-7599

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7598

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7597

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked st…

CVSS: 4.6 CWE: CWE-254 View on NVD
High

CVE-2016-7595

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It all…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7594

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows r…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7592

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7591

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It…

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-7589

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7588

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" compone…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-7587

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-7586

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7584

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.8 CWE: CWE-254 View on NVD
Medium

CVE-2016-7581

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted U…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2016-7579

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component,…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7578

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2016-7577

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger…

CVSS: 3.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode atte…

CVSS: 6.8 CWE: CWE-254 View on NVD
High

CVE-2016-4764

An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKi…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-4743

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 7.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-4721

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle…

CVSS: 5.9 CWE: CWE-254 View on NVD
High

CVE-2016-4693

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which…

CVSS: 7.5 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2016-4692

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-4691

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It a…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-4690

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HI…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-4689

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked…

CVSS: 7.5 CWE: CWE-254 View on NVD
High

CVE-2016-4688

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-4686

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocatio…

CVSS: 4.4 CWE: CWE-264 View on NVD
Medium

CVE-2016-4685

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.

CVSS: 5.9 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
Medium

CVE-2016-4680

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows at…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2016-4677

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-4675

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-4673

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2016-4670

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover length…

CVSS: 3.3 CWE: CWE-255 View on NVD
High

CVE-2016-4669

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-4666

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2016-4665

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, wh…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2016-4664

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, wh…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-4660

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-09
Medium

CVE-2017-5590

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
2017-02-03
Medium

CVE-2017-3824

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-3820

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could a…

CVSS: 6.5 CWE: CWE-665 - Improper Initialization View on NVD
2017-01-26
Medium

CVE-2017-3805

A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without au…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-3803

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue…

CVSS: 4.7 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
2016-12-18
Medium

CVE-2016-5193

Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafte…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2016-12-14
High

CVE-2016-9215

A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releas…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-9205

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2016-9201

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2016-9199

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2016-6474

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication…

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2016-6473

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCu…

CVSS: 6.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2016-11-19
Low

CVE-2016-6450

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulne…

CVSS: 2.5 CWE: CWE-20 - Improper Input Validation View on NVD
2016-11-03
Critical

CVE-2016-6441

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affecte…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-10-27
Medium

CVE-2016-6438

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line c…

CVSS: 5.9 CWE: CWE-264 View on NVD
2016-10-06
High

CVE-2016-6428

Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-6422

Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2016-10-05
Medium

CVE-2016-6423

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux9754…

CVSS: 6.5 CWE: CWE-399 View on NVD
Medium

CVE-2016-6421

Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.

CVSS: 5.3 CWE: CWE-399 View on NVD
High

CVE-2016-6393

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connect…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2016-6391

Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSC…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2016-6385

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2016-6380

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of ser…

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-6379

Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-6378

Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.

CVSS: 7.5 CWE: CWE-399 View on NVD