Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-4072 Improper Input Validation vulnerability in multiple products
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.
network
low complexity
php apple CWE-20
critical
9.8
2016-05-20 CVE-2016-4071 Improper Input Validation vulnerability in multiple products
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
network
low complexity
php apple CWE-20
critical
9.8
2016-05-20 CVE-2016-1853 Information Exposure vulnerability in Apple mac OS X
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
network
low complexity
apple CWE-200
5.0
2016-05-20 CVE-2016-1851 Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
local
low complexity
apple
2.1
2016-05-20 CVE-2016-1850 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
network
apple CWE-119
6.8
2016-05-20 CVE-2016-1848 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
network
apple CWE-119
6.8
2016-05-20 CVE-2016-1847 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
6.8
2016-05-20 CVE-2016-1846 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-05-20 CVE-2016-1844 Improper Access Control vulnerability in Apple mac OS X
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.
network
low complexity
apple CWE-284
5.0
2016-05-20 CVE-2016-1843 Improper Input Validation vulnerability in Apple mac OS X
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
apple CWE-20
5.0