Vulnerabilities in Apple Mac OS X 10.11.0

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4595 Information Exposure vulnerability in Apple Mac OS X
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.
local
low complexity
apple CWE-200
2.1
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
network
apple CWE-20
6.8
2016-07-22 CVE-2016-4582 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
local
low complexity
apple CWE-119
7.2
2016-07-22 CVE-2016-1865 NULL Pointer Dereference vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
local
low complexity
apple CWE-476
4.9
2016-07-22 CVE-2016-1863 Use After Free vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
local
low complexity
apple CWE-416
7.2
2016-07-22 CVE-2014-9862 Integer Overflow or Wraparound vulnerability in Apple Mac OS X
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
local
low complexity
apple CWE-190
7.2
2016-06-26 CVE-2015-7988 NULL Pointer Dereference Remote Code Execution vulnerability in mDNSResponder
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
network
low complexity
apple
7.5
2016-06-26 CVE-2015-7987 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
network
apple CWE-119
6.8
2016-06-19 CVE-2016-1862 Information Exposure vulnerability in Apple Mac OS X
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
network
apple CWE-200
4.3
2016-06-19 CVE-2016-1861 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
network
apple CWE-119
critical
9.3