Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1791 Information Exposure vulnerability in Apple mac OS X
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
network
apple CWE-200
4.3
2016-05-20 CVE-2015-8865 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
local
low complexity
php apple CWE-119
7.3
2016-03-31 CVE-2016-3142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
network
low complexity
php apple CWE-119
8.2
2016-03-31 CVE-2016-3141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
network
low complexity
apple php CWE-119
critical
9.8
2016-03-24 CVE-2016-1788 Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Watchos
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
network
high complexity
apple CWE-310
2.6
2016-03-24 CVE-2016-1775 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
network
apple CWE-119
critical
9.3
2016-03-24 CVE-2016-1773 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
local
low complexity
apple CWE-264
2.1
2016-03-24 CVE-2016-1770 Improper Access Control vulnerability in Apple mac OS X
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
network
apple CWE-284
4.3
2016-03-24 CVE-2016-1769 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
network
apple CWE-119
6.8
2016-03-24 CVE-2016-1768 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
network
apple CWE-119
6.8