CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2016-5036 125 DoS 2017-02-17 2022-03-01
5.0
None Remote Low Not required None None Partial
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.
852 CVE-2016-5035 125 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
853 CVE-2016-5034 787 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records.
854 CVE-2016-5033 125 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
855 CVE-2016-5032 125 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.
856 CVE-2016-5031 125 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
857 CVE-2016-5030 476 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
858 CVE-2016-5029 476 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
859 CVE-2016-5028 476 DoS 2017-02-17 2022-03-01
4.3
None Remote Medium Not required None None Partial
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
860 CVE-2016-5027 476 DoS 2017-02-24 2022-03-01
4.3
None Remote Medium Not required None None Partial
dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.
861 CVE-2016-4988 79 XSS 2017-02-09 2019-10-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
862 CVE-2016-4987 22 Dir. Trav. 2017-02-09 2019-10-28
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
863 CVE-2016-4986 22 Dir. Trav. 2017-02-09 2019-10-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
864 CVE-2016-4861 89 Sql 2017-02-17 2018-10-21
7.5
None Remote Low Not required Partial Partial Partial
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
865 CVE-2016-4797 369 DoS 2017-02-03 2020-09-09
4.3
None Remote Medium Not required None None Partial
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
866 CVE-2016-4796 119 DoS Overflow 2017-02-03 2020-09-09
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
867 CVE-2016-4781 254 Bypass 2017-02-20 2017-07-27
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.
868 CVE-2016-4780 476 DoS Exec Code 2017-02-20 2017-02-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
869 CVE-2016-4764 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2020-01-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
870 CVE-2016-4743 119 DoS Overflow Mem. Corr. +Info 2017-02-20 2017-07-27
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.
871 CVE-2016-4721 254 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
872 CVE-2016-4693 326 Bypass 2017-02-20 2018-10-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
873 CVE-2016-4692 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
874 CVE-2016-4691 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
875 CVE-2016-4690 20 Exec Code 2017-02-20 2017-07-27
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.
876 CVE-2016-4689 254 2017-02-20 2017-07-27
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.
877 CVE-2016-4688 119 DoS Exec Code Overflow 2017-02-20 2019-03-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font.
878 CVE-2016-4686 264 2017-02-20 2017-07-29
3.6
None Local Low Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.
879 CVE-2016-4685 326 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
880 CVE-2016-4683 119 DoS Exec Code Overflow 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file.
881 CVE-2016-4682 125 DoS +Info 2017-02-20 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.
882 CVE-2016-4681 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
883 CVE-2016-4680 200 +Info 2017-02-20 2019-03-25
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
884 CVE-2016-4679 59 2017-02-20 2019-03-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
885 CVE-2016-4678 476 DoS +Priv 2017-02-20 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
886 CVE-2016-4677 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2019-03-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
887 CVE-2016-4675 264 Exec Code 2017-02-20 2019-03-22
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
888 CVE-2016-4674 119 DoS Overflow +Priv Mem. Corr. 2017-02-20 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
889 CVE-2016-4673 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2019-03-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
890 CVE-2016-4671 787 DoS Exec Code 2017-02-20 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file.
891 CVE-2016-4670 255 2017-02-20 2017-02-21
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
892 CVE-2016-4669 20 DoS Exec Code 2017-02-20 2020-08-14
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
893 CVE-2016-4667 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
894 CVE-2016-4666 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
895 CVE-2016-4665 200 +Info 2017-02-20 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
896 CVE-2016-4664 200 +Info 2017-02-20 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
897 CVE-2016-4663 119 DoS Overflow Mem. Corr. 2017-02-20 2017-07-29
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.
898 CVE-2016-4662 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
899 CVE-2016-4661 20 DoS 2017-02-20 2017-07-29
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.
900 CVE-2016-4660 200 DoS +Info 2017-02-20 2019-03-08
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font.
Total number of vulnerabilities : 1041   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.