Vulnerabilities > Apple > MAC OS X

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2015-8865 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
local
low complexity
php apple CWE-119
7.3
2016-05-14 CVE-2016-1208 Information Exposure vulnerability in multiple products
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
network
low complexity
apple filemaker CWE-200
7.5
2016-05-05 CVE-2016-2105 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
7.5
2016-03-31 CVE-2016-3142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
network
low complexity
php apple CWE-119
8.2
2016-03-31 CVE-2016-3141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
network
low complexity
apple php CWE-119
critical
9.8
2016-03-24 CVE-2016-1788 Cryptographic Issues vulnerability in Apple Iphone OS and Watchos
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
network
high complexity
apple CWE-310
5.9
2016-03-24 CVE-2016-1775 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1773 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
local
low complexity
apple CWE-264
3.3
2016-03-24 CVE-2016-1770 Improper Access Control vulnerability in Apple mac OS X
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
network
low complexity
apple CWE-284
6.5
2016-03-24 CVE-2016-1769 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
local
low complexity
apple CWE-119
7.8