Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2015-06-09 CVE-2015-4024 Resource Management Errors vulnerability in multiple products
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
network
low complexity
redhat apple php hp oracle CWE-399
5.0
2015-06-09 CVE-2015-4022 Numeric Errors vulnerability in multiple products
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
network
low complexity
redhat php apple CWE-189
7.5
2015-06-09 CVE-2015-4021 Numeric Errors vulnerability in multiple products
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
network
low complexity
redhat apple php CWE-189
5.0
2015-06-09 CVE-2015-3307 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.
network
low complexity
redhat apple php CWE-119
7.5
2015-06-09 CVE-2015-2783 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
5.8
2015-05-30 CVE-2015-2851 Permissions, Privileges, and Access Controls vulnerability in Synology Cloud Station
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
local
low complexity
synology apple CWE-264
6.8
2015-05-28 CVE-2015-3165 Remote Denial Of Service vulnerability in PostgreSQL
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
4.3
2015-05-28 CVE-2015-1157 Code vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
network
low complexity
apple CWE-17
7.8
2015-05-25 CVE-2014-8146 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
network
low complexity
apple icu-project CWE-119
7.5
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7