Vulnerabilities > Apple > MAC OS X > 10.11.0

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1806 Improper Access Control vulnerability in Apple mac OS X
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
apple CWE-284
critical
9.3
2016-05-20 CVE-2016-1805 Improper Access Control vulnerability in Apple mac OS X
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
apple CWE-284
critical
9.3
2016-05-20 CVE-2016-1804 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-05-20 CVE-2016-1803 NULL Pointer Dereference vulnerability in Apple products
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
network
apple CWE-476
6.8
2016-05-20 CVE-2016-1802 Information Exposure vulnerability in Apple products
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
network
apple CWE-200
4.3
2016-05-20 CVE-2016-1801 Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
apple CWE-200
5.0
2016-05-20 CVE-2016-1800 Improper Input Validation vulnerability in Apple mac OS X
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
network
apple CWE-20
critical
9.3
2016-05-20 CVE-2016-1799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-05-20 CVE-2016-1798 Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4
Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
network
apple
4.3
2016-05-20 CVE-2016-1797 Improper Access Control vulnerability in Apple mac OS X
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
network
apple CWE-284
critical
9.3