Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4582 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
local
low complexity
apple CWE-119
7.8
2016-07-22 CVE-2016-1863 Use After Free vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
local
low complexity
apple CWE-416
7.8
2016-07-22 CVE-2014-9862 Integer Overflow or Wraparound vulnerability in Apple mac OS X
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
local
low complexity
apple CWE-190
7.8
2016-06-19 CVE-2016-1861 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
local
low complexity
apple CWE-119
7.8
2016-06-09 CVE-2016-4447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
network
low complexity
hp canonical debian oracle apple xmlsoft mcafee CWE-119
7.5
2016-05-20 CVE-2016-1859 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-05-20 CVE-2016-1857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-05-20 CVE-2016-1856 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-05-20 CVE-2016-1855 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
network
low complexity
apple CWE-119
8.8
2016-05-20 CVE-2016-1854 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
network
low complexity
apple webkitgtk CWE-119
8.8