Vulnerabilities > Apple > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-05-26 CVE-2016-0718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
9.8
2016-05-20 CVE-2016-4073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.
network
low complexity
php apple CWE-119
critical
9.8
2016-05-20 CVE-2016-4072 Improper Input Validation vulnerability in multiple products
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.
network
low complexity
php apple CWE-20
critical
9.8
2016-05-20 CVE-2016-4071 Improper Input Validation vulnerability in multiple products
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
network
low complexity
php apple CWE-20
critical
9.8
2016-03-31 CVE-2016-3141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
network
low complexity
apple php CWE-119
critical
9.8
2016-03-24 CVE-2016-1761 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
network
low complexity
apple CWE-119
critical
9.8
2016-03-24 CVE-2016-1741 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
low complexity
apple CWE-119
critical
9.8
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
critical
9.8
2016-02-07 CVE-2016-0801 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
network
low complexity
apple google CWE-20
critical
9.8
2016-01-12 CVE-2015-8659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
network
low complexity
apple nghttp2 CWE-119
critical
10.0