Vulnerabilities > Apple > MAC OS X > 10.1.4

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1738 7PK - Security Features vulnerability in Apple mac OS X
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.
local
low complexity
apple CWE-254
7.8
2016-03-24 CVE-2016-1737 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
network
low complexity
apple CWE-119
6.3
2016-03-24 CVE-2016-1736 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1735 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
low complexity
apple CWE-119
6.8
2016-03-24 CVE-2016-1733 Improper Input Validation vulnerability in Apple mac OS X
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-20
7.8
2016-03-24 CVE-2016-1732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-119
5.5
2016-03-24 CVE-2015-7551 Improper Input Validation vulnerability in multiple products
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library.
local
low complexity
apple ruby-lang CWE-20
8.4
2016-03-13 CVE-2016-1950 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
network
low complexity
mozilla oracle apple opensuse CWE-119
8.8
2016-02-07 CVE-2016-0802 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
low complexity
google apple CWE-20
8.8