Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1797 Improper Access Control vulnerability in Apple mac OS X
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
local
low complexity
apple CWE-284
7.8
2016-05-20 CVE-2016-1795 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1794 Unspecified vulnerability in Apple mac OS X
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
local
low complexity
apple
7.8
2016-05-20 CVE-2016-1793 Unspecified vulnerability in Apple mac OS X
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
local
low complexity
apple
7.8
2016-05-20 CVE-2016-1792 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1742 Permissions, Privileges, and Access Controls vulnerability in Apple Itunes
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
local
low complexity
apple CWE-264
7.8
2016-05-20 CVE-2015-8865 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
local
low complexity
php apple CWE-119
7.3
2016-05-14 CVE-2016-1208 Information Exposure vulnerability in multiple products
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
network
low complexity
apple filemaker CWE-200
7.5
2016-05-05 CVE-2016-2105 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
7.5