CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2016-7612 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
652 CVE-2016-7611 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
653 CVE-2016-7610 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
654 CVE-2016-7609 476 DoS 2017-02-20 2017-07-27
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
655 CVE-2016-7608 200 +Info 2017-02-20 2017-07-27
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
656 CVE-2016-7607 200 +Info 2017-02-20 2018-10-30
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.
657 CVE-2016-7606 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
658 CVE-2016-7605 476 DoS 2017-02-20 2017-07-27
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
659 CVE-2016-7604 476 DoS 2017-02-20 2017-07-27
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
660 CVE-2016-7603 476 DoS 2017-02-20 2017-07-27
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
661 CVE-2016-7602 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
662 CVE-2016-7601 254 2017-02-20 2017-07-27
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.
663 CVE-2016-7600 200 +Info 2017-02-20 2017-07-27
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
664 CVE-2016-7599 200 Bypass +Info 2017-02-20 2017-07-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.
665 CVE-2016-7598 200 +Info 2017-02-20 2017-07-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
666 CVE-2016-7597 254 2017-02-20 2017-07-27
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.
667 CVE-2016-7596 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
668 CVE-2016-7595 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
669 CVE-2016-7594 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
670 CVE-2016-7592 200 +Info 2017-02-20 2017-07-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.
671 CVE-2016-7591 416 DoS Exec Code 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
672 CVE-2016-7589 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
673 CVE-2016-7588 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
674 CVE-2016-7587 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
675 CVE-2016-7586 200 +Info 2017-02-20 2017-07-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
676 CVE-2016-7584 254 2017-02-20 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
677 CVE-2016-7583 264 +Priv 2017-02-20 2017-02-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory.
678 CVE-2016-7582 264 DoS Exec Code Mem. Corr. 2017-02-20 2017-02-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
679 CVE-2016-7581 20 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.
680 CVE-2016-7580 20 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
681 CVE-2016-7579 200 +Info 2017-02-20 2019-03-25
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
682 CVE-2016-7578 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2019-03-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
683 CVE-2016-7577 200 Mem. Corr. +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
684 CVE-2016-7565 284 Exec Code 2017-02-13 2018-02-27
7.5
None Remote Low Not required Partial Partial Partial
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
685 CVE-2016-7553 275 +Info 2017-02-27 2017-03-15
2.1
None Local Low Not required Partial None None
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
686 CVE-2016-7511 190 DoS Overflow 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.
687 CVE-2016-7510 125 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
688 CVE-2016-7499 369 DoS 2017-02-15 2017-02-17
4.3
None Remote Medium Not required None None Partial
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
689 CVE-2016-7477 476 DoS 2017-02-15 2017-02-17
4.3
None Remote Medium Not required None None Partial
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.
690 CVE-2016-7449 125 DoS 2017-02-06 2019-04-12
5.0
None Remote Low Not required None None Partial
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
691 CVE-2016-7448 399 DoS 2017-02-06 2019-04-12
7.8
None Remote Low Not required None None Complete
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
692 CVE-2016-7447 119 Overflow 2017-02-06 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
693 CVE-2016-7446 119 Overflow 2017-02-06 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
694 CVE-2016-7400 89 Exec Code Sql 2017-02-07 2018-02-27
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
695 CVE-2016-7393 125 DoS Overflow 2017-02-15 2017-02-17
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
696 CVE-2016-7392 787 DoS Overflow 2017-02-15 2017-08-28
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
697 CVE-2016-7164 20 DoS 2017-02-07 2017-02-13
5.0
None Remote Low Not required None None Partial
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.
698 CVE-2016-7147 79 XSS 2017-02-04 2017-02-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
699 CVE-2016-7111 79 XSS 2017-02-17 2017-02-22
2.6
None Remote High Not required None Partial None
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
700 CVE-2016-6875 2017-02-17 2017-02-22
7.5
None Remote Low Not required Partial Partial Partial
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
Total number of vulnerabilities : 1041   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.