Vulnerabilities > Apple > MAC OS X > 10.9.5

DATE CVE VULNERABILITY TITLE RISK
2015-07-03 CVE-2015-3663 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Quicktime
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3662 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Quicktime
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3661 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Quicktime
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3659 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Safari
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
network
apple CWE-264
6.8
2015-07-03 CVE-2015-3658 7PK - Security Features vulnerability in Apple Iphone OS, mac OS X and Safari
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
network
apple CWE-254
6.8
2015-06-09 CVE-2015-4148 Improper Input Validation vulnerability in multiple products
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
network
low complexity
apple redhat php CWE-20
5.0
2015-06-09 CVE-2015-4147 Data Processing Errors vulnerability in multiple products
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.
network
low complexity
redhat apple php CWE-19
7.5
2015-06-09 CVE-2015-4026 Data Processing Errors vulnerability in multiple products
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.
network
low complexity
redhat php apple CWE-19
7.5
2015-06-09 CVE-2015-4025 Data Processing Errors vulnerability in multiple products
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink.
network
low complexity
apple php redhat CWE-19
7.5
2015-06-09 CVE-2015-4024 Resource Management Errors vulnerability in multiple products
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
network
low complexity
redhat apple php hp oracle CWE-399
5.0