Vulnerabilities > Apple > MAC OS X > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2016-1734 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | 6.8 |
| 2016-03-24 | CVE-2016-1732 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.5 |
| 2016-01-31 | CVE-2016-1941 | Cross-site Scripting vulnerability in multiple products The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | 6.1 |
| 2016-01-14 | CVE-2016-0777 | Information Exposure vulnerability in multiple products The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | 6.5 |
| 2016-01-11 | CVE-2015-7024 | Unspecified vulnerability in Apple mac OS X Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | 6.7 |
| 2016-01-10 | CVE-2015-7116 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Tvos libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | 4.3 |
| 2016-01-10 | CVE-2015-7115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | 4.3 |
| 2015-12-06 | CVE-2015-3195 | Information Exposure vulnerability in multiple products The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | 5.3 |
| 2014-09-18 | CVE-2014-4373 | Unspecified vulnerability in Apple Iphone OS The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | 5.5 |
| 2011-06-30 | CVE-2009-5078 | 7PK - Security Features vulnerability in multiple products contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | 6.5 |