Vulnerabilities > Apple > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-22 | CVE-2014-9862 | Integer Overflow or Wraparound vulnerability in Apple mac OS X Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. | 7.2 |
| 2016-06-26 | CVE-2015-7988 | NULL Pointer Dereference Remote Code Execution vulnerability in mDNSResponder The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | 7.5 |
| 2016-06-09 | CVE-2016-4447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | 7.5 |
| 2016-05-20 | CVE-2016-1841 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 8.8 |
| 2016-05-20 | CVE-2016-1830 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829. | 8.5 |
| 2016-05-20 | CVE-2016-1809 | Information Disclosure vulnerability in Apple Mac OS X Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors. | 7.8 |
| 2016-05-20 | CVE-2016-1742 | Permissions, Privileges, and Access Controls vulnerability in Apple Itunes Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.2 |
| 2016-05-20 | CVE-2015-8865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. | 7.3 |
| 2016-05-11 | CVE-2016-4106 | Remote Code Execution vulnerability in Adobe Reader and Acrobat APSB16-14 Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. | 7.2 |
| 2016-05-11 | CVE-2016-1090 | Remote Code Execution vulnerability in Adobe Reader and Acrobat APSB16-14 Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-4106. | 7.2 |