10.11.1

DATE	CVE	VULNERABILITY TITLE	RISK
2016-02-01	CVE-2016-1716	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. local low complexity apple CWE-119	7.8
2016-01-21	CVE-2015-8472	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. network low complexity apple libpng CWE-119	7.3
2016-01-14	CVE-2016-0778	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. network high complexity oracle openbsd apple hp sophos CWE-119	8.1
2016-01-14	CVE-2016-0777	Information Exposure vulnerability in multiple products The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. network low complexity sophos oracle openbsd hp apple CWE-200	6.5
2016-01-12	CVE-2015-8659	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. network low complexity apple nghttp2 CWE-119 critical	10.0
2015-12-11	CVE-2015-7068	NULL Pointer Dereference vulnerability in Apple products IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. local low complexity apple CWE-476	7.8
2015-12-06	CVE-2015-3195	Information Exposure vulnerability in multiple products The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. network low complexity apple oracle openssl redhat canonical debian opensuse suse fedoraproject CWE-200	5.3