Apple

macOS X

3207 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2016-1861

  • EPSS 1.87%
  • Published 19.06.2016 20:59:08
  • Last modified 12.04.2025 10:46:40

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.

4.3

CVE-2016-1860

  • EPSS 0.17%
  • Published 19.06.2016 20:59:07
  • Last modified 12.04.2025 10:46:40

Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.

10

CVE-2016-4448

  • EPSS 1.2%
  • Published 09.06.2016 16:59:06
  • Last modified 12.04.2025 10:46:40

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

7.5

CVE-2016-4447

Exploit
  • EPSS 3.33%
  • Published 09.06.2016 16:59:05
  • Last modified 12.04.2025 10:46:40

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

9.8

CVE-2016-0718

  • EPSS 1.5%
  • Published 26.05.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8

CVE-2016-4073

Exploit
  • EPSS 6.63%
  • Published 20.05.2016 11:00:18
  • Last modified 12.04.2025 10:46:40

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute...

9.8

CVE-2016-4072

  • EPSS 11.14%
  • Published 20.05.2016 11:00:16
  • Last modified 12.04.2025 10:46:40

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar...

9.8

CVE-2016-4071

Exploit
  • EPSS 32.58%
  • Published 20.05.2016 11:00:15
  • Last modified 12.04.2025 10:46:40

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

7.5

CVE-2016-1853

  • EPSS 1.29%
  • Published 20.05.2016 11:00:06
  • Last modified 12.04.2025 10:46:40

Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.

4.6

CVE-2016-1851

  • EPSS 0.09%
  • Published 20.05.2016 11:00:04
  • Last modified 12.04.2025 10:46:40

The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.