Vulnerabilities > Apple > MAC OS X > 10.11.0

DATE CVE VULNERABILITY TITLE RISK
2016-02-01 CVE-2016-1721 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2016-02-01 CVE-2016-1720 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2016-02-01 CVE-2016-1719 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2016-02-01 CVE-2016-1718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
apple CWE-119
6.9
2016-02-01 CVE-2016-1717 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2016-02-01 CVE-2016-1716 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2016-01-21 CVE-2015-8472 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
network
low complexity
apple libpng CWE-119
7.5
2016-01-14 CVE-2016-0778 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
network
high complexity
oracle openbsd apple hp sophos CWE-119
8.1
2016-01-14 CVE-2016-0777 Information Exposure vulnerability in multiple products
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
network
low complexity
sophos oracle openbsd hp apple CWE-200
6.5
2016-01-12 CVE-2015-8659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
network
low complexity
apple nghttp2 CWE-119
critical
10.0