National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.1.4
There are 2,949 matching records.
Displaying matches 1441 through 1460.
Vuln ID Summary CVSS Severity
CVE-2016-1012

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.

Published: April 08, 2016; 09:59:28 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1011

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.

Published: April 08, 2016; 09:59:27 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1006

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data.

Published: April 08, 2016; 09:59:26 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1019

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

Published: April 07, 2016; 06:59:01 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-3142

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

Published: March 31, 2016; 12:59:01 PM -04:00
V3.0: 8.2 HIGH
    V2: 6.4 MEDIUM
CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

Published: March 31, 2016; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-1788

Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.

Published: March 23, 2016; 09:59:55 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 2.6 LOW
CVE-2016-1775

TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Published: March 23, 2016; 09:59:42 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1773

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.

Published: March 23, 2016; 09:59:41 PM -04:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2016-1770

The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.

Published: March 23, 2016; 09:59:38 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-1769

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.

Published: March 23, 2016; 09:59:37 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-1768

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.

Published: March 23, 2016; 09:59:36 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-1767

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.

Published: March 23, 2016; 09:59:35 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-1764

The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.

Published: March 23, 2016; 09:59:32 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Published: March 23, 2016; 09:59:30 PM -04:00
V3.0: 8.1 HIGH
    V2: 5.8 MEDIUM
CVE-2016-1761

libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Published: March 23, 2016; 09:59:29 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1759

The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: March 23, 2016; 09:59:28 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1758

The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

Published: March 23, 2016; 09:59:27 PM -04:00
V3.0: 3.3 LOW
    V2: 4.3 MEDIUM
CVE-2016-1757

Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: March 23, 2016; 09:59:26 PM -04:00
V3.0: 7.0 HIGH
    V2: 9.3 HIGH
CVE-2016-1756

The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

Published: March 23, 2016; 09:59:25 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH