Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-20 | CVE-2016-1791 | Information Exposure vulnerability in Apple mac OS X The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 3.3 |
| 2016-05-20 | CVE-2016-1790 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 3.3 |
| 2016-05-20 | CVE-2016-1742 | Permissions, Privileges, and Access Controls vulnerability in Apple Itunes Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.8 |
| 2016-05-20 | CVE-2015-8865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. | 7.3 |
| 2016-05-14 | CVE-2016-1208 | Information Exposure vulnerability in multiple products The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | 7.5 |
| 2016-05-05 | CVE-2016-2105 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | 7.5 |
| 2016-04-05 | CVE-2016-1789 | Unspecified vulnerability in Apple Ibooks Author 2.4.0 Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.5 |
| 2016-03-31 | CVE-2016-3142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. | 8.2 |
| 2016-03-31 | CVE-2016-3141 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. | 9.8 |
| 2016-03-29 | CVE-2016-1760 | Improper Access Control vulnerability in Apple Iphone OS The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. | 6.2 |