Vulnerabilities > Apple > MAC OS X > 10.1.4

DATE CVE VULNERABILITY TITLE RISK
2016-03-31 CVE-2016-3142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
network
low complexity
php apple CWE-119
8.2
2016-03-31 CVE-2016-3141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
network
low complexity
apple php CWE-119
critical
9.8
2016-03-24 CVE-2016-1788 Cryptographic Issues vulnerability in Apple Iphone OS and Watchos
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
network
high complexity
apple CWE-310
5.9
2016-03-24 CVE-2016-1775 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1773 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
local
low complexity
apple CWE-264
3.3
2016-03-24 CVE-2016-1770 Improper Access Control vulnerability in Apple mac OS X
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
network
low complexity
apple CWE-284
6.5
2016-03-24 CVE-2016-1769 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1768 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1767 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1764 Information Exposure vulnerability in Apple mac OS X
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
network
low complexity
apple CWE-200
4.3