Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-1863 Use After Free vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
local
low complexity
apple CWE-416
7.8
2016-07-22 CVE-2014-9862 Integer Overflow or Wraparound vulnerability in Apple mac OS X
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
local
low complexity
apple CWE-190
7.8
2016-07-03 CVE-2015-7029 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Airport Base Station Firmware
Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
apple CWE-119
critical
9.8
2016-06-26 CVE-2015-7988 Unspecified vulnerability in Apple products
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
network
low complexity
apple
critical
9.8
2016-06-26 CVE-2015-7987 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
network
low complexity
apple CWE-119
critical
9.8
2016-06-19 CVE-2016-1864 Information Exposure vulnerability in Apple Safari
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
network
low complexity
apple CWE-200
4.3
2016-06-19 CVE-2016-1862 7PK - Security Features vulnerability in Apple mac OS X
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
local
low complexity
apple CWE-254
3.3
2016-06-19 CVE-2016-1861 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
local
low complexity
apple CWE-119
7.8
2016-06-19 CVE-2016-1860 7PK - Security Features vulnerability in Apple mac OS X
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.
local
low complexity
apple CWE-254
3.3
2016-06-09 CVE-2016-4448 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
network
low complexity
hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134
critical
9.8