The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Max CVSS
8.2
EPSS Score
11.36%
Published
2016-03-31
Updated
2018-01-05
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Max CVSS
9.8
EPSS Score
6.87%
Published
2016-03-31
Updated
2018-01-05
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
Max CVSS
8.8
EPSS Score
0.98%
Published
2016-03-13
Updated
2019-12-27
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
Max CVSS
5.9
EPSS Score
0.45%
Published
2016-03-24
Updated
2016-12-03
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
Max CVSS
9.3
EPSS Score
1.22%
Published
2016-03-24
Updated
2019-03-25
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
Max CVSS
3.3
EPSS Score
0.04%
Published
2016-03-24
Updated
2016-12-03
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
Max CVSS
6.5
EPSS Score
0.14%
Published
2016-03-24
Updated
2016-12-03
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
Max CVSS
7.8
EPSS Score
21.84%
Published
2016-03-24
Updated
2017-09-08
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
Max CVSS
7.8
EPSS Score
21.84%
Published
2016-03-24
Updated
2017-09-08
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
Max CVSS
7.8
EPSS Score
21.84%
Published
2016-03-24
Updated
2016-12-03
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
Max CVSS
4.3
EPSS Score
0.50%
Published
2016-03-24
Updated
2016-12-03
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Max CVSS
8.1
EPSS Score
0.78%
Published
2016-03-24
Updated
2019-03-26
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Max CVSS
10.0
EPSS Score
4.95%
Published
2016-03-24
Updated
2016-12-03
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.17%
Published
2016-03-24
Updated
2016-12-03
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
Max CVSS
4.3
EPSS Score
0.13%
Published
2016-03-24
Updated
2016-12-03
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.35%
Published
2016-03-24
Updated
2016-12-03
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS
9.3
EPSS Score
0.22%
Published
2016-03-24
Updated
2016-12-03
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
Max CVSS
9.3
EPSS Score
0.25%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
Max CVSS
9.3
EPSS Score
0.22%
Published
2016-03-24
Updated
2019-03-25
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.22%
Published
2016-03-24
Updated
2019-03-25
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
Max CVSS
7.1
EPSS Score
0.19%
Published
2016-03-24
Updated
2019-03-25
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.20%
Published
2016-03-24
Updated
2019-03-25
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.24%
Published
2016-03-24
Updated
2017-09-08
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
Max CVSS
4.3
EPSS Score
0.14%
Published
2016-03-24
Updated
2019-03-25
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
Max CVSS
9.3
EPSS Score
0.20%
Published
2016-03-24
Updated
2016-12-03
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!