|
265421
|
9.1 |
CRITICAL
Network
|
apple
|
mac_os_x
os_x_server
|
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data…
|
CWE-284
Improper Access Control
|
CVE-2016-4694
|
2024-11-21 11:52 |
2016-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265422
|
9.8 |
CRITICAL
Network
|
apple
xmlsoft
|
watchos
tvos
iphone_os
mac_os_x
libxml2
|
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, wh…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4658
|
2024-11-21 11:52 |
2016-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265423
|
6.1 |
MEDIUM
Network
|
apple
|
safari
iphone_os
|
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Unive…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4618
|
2024-11-21 11:52 |
2016-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265424
|
8.8 |
HIGH
Network
|
apple
|
tvos
iphone_os
safari
|
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differ…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4611
|
2024-11-21 11:52 |
2016-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265425
|
9.8 |
CRITICAL
Network
|
apache
|
cxf_fediz
|
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers…
|
CWE-284
Improper Access Control
|
CVE-2016-4464
|
2024-11-21 11:52 |
2016-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265426
|
8.6 |
HIGH
Network
|
hp
|
performance_center
loadrunner
|
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-4384
|
2024-11-21 11:52 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265427
|
7.5 |
HIGH
Local
|
trane
|
tracer_sc
|
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2016-4526
|
2024-11-21 11:52 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265428
|
3.3 |
LOW
Local
|
apple
|
iphone_os
|
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
|
CWE-200
Information Exposure
|
CVE-2016-4749
|
2024-11-21 11:52 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265429
|
3.7 |
LOW
Network
|
apple
|
iphone_os
|
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-4747
|
2024-11-21 11:52 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265430
|
5.3 |
MEDIUM
Network
|
apple
|
iphone_os
|
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances…
|
CWE-200
Information Exposure
|
CVE-2016-4746
|
2024-11-21 11:52 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
