Vulnerabilities > Apple > MAC OS X > 10.3.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-20 | CVE-2016-1791 | Information Exposure vulnerability in Apple mac OS X The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 4.3 |
| 2016-05-20 | CVE-2015-8865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. | 7.3 |
| 2016-03-31 | CVE-2016-3142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. | 8.2 |
| 2016-03-31 | CVE-2016-3141 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. | 9.8 |
| 2016-03-24 | CVE-2016-1788 | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Watchos Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | 2.6 |
| 2016-03-24 | CVE-2016-1775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 9.3 |
| 2016-03-24 | CVE-2016-1773 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | 2.1 |
| 2016-03-24 | CVE-2016-1770 | Improper Access Control vulnerability in Apple mac OS X The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | 4.3 |
| 2016-03-24 | CVE-2016-1769 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. | 6.8 |
| 2016-03-24 | CVE-2016-1768 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. | 6.8 |