Vulnerabilities > Apple > MAC OS X > 10.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-25 | CVE-2016-4694 | Improper Access Control vulnerability in Apple mac OS X The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. | 9.1 |
| 2016-07-22 | CVE-2016-4653 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582. | 7.8 |
| 2016-07-22 | CVE-2016-4652 | Out-of-bounds Read vulnerability in Apple mac OS X CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | 6.3 |
| 2016-07-22 | CVE-2016-4649 | NULL Pointer Dereference vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 5.5 |
| 2016-07-22 | CVE-2016-4648 | Information Exposure vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.5 |
| 2016-07-22 | CVE-2016-4647 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file. | 7.8 |
| 2016-07-22 | CVE-2016-4646 | Information Exposure vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | 6.5 |
| 2016-07-22 | CVE-2016-4645 | Information Exposure vulnerability in Apple mac OS X CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | 3.3 |
| 2016-07-22 | CVE-2016-4641 | Improper Input Validation vulnerability in Apple mac OS X Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | 7.3 |
| 2016-07-22 | CVE-2016-4640 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. | 7.8 |