Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Watchos  >> 2.2.2  Security Vulnerabilities
CVE-2016-4718
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
CVSS Score
6.5
EPSS Score
0.023
Published
2016-09-25
CVE-2016-4712
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
CVSS Score
7.8
EPSS Score
0.004
Published
2016-09-25
CVE-2016-4708
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
CVSS Score
6.5
EPSS Score
0.042
Published
2016-09-25
CVE-2016-4702
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.141
Published
2016-09-25
CVE-2016-4658
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
CVSS Score
9.8
EPSS Score
0.193
Published
2016-09-25
CVE-2016-5131
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVSS Score
8.8
EPSS Score
0.035
Published
2016-07-23
CVE-2013-0340
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-01-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved