Vulnerabilities > Apple > MAC OS X > 10.3.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-20 | CVE-2016-4072 | Improper Input Validation vulnerability in multiple products The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. | 9.8 |
2016-05-20 | CVE-2016-4071 | Improper Input Validation vulnerability in multiple products Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. | 9.8 |
2016-05-20 | CVE-2016-1853 | Information Exposure vulnerability in Apple mac OS X Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. | 5.0 |
2016-05-20 | CVE-2016-1851 | Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4 The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. | 2.1 |
2016-05-20 | CVE-2016-1850 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | 6.8 |
2016-05-20 | CVE-2016-1848 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | 6.8 |
2016-05-20 | CVE-2016-1847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 6.8 |
2016-05-20 | CVE-2016-1846 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. | 9.3 |
2016-05-20 | CVE-2016-1844 | Improper Access Control vulnerability in Apple mac OS X The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | 5.0 |
2016-05-20 | CVE-2016-1843 | Improper Input Validation vulnerability in Apple mac OS X The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |