Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4646 Information Exposure vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
network
apple CWE-200
4.3
2016-07-22 CVE-2016-4645 Information Exposure vulnerability in Apple mac OS X
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
apple CWE-200
2.1
2016-07-22 CVE-2016-4641 Improper Input Validation vulnerability in Apple mac OS X
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
network
apple CWE-20
critical
9.3
2016-07-22 CVE-2016-4640 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-07-22 CVE-2016-4639 Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-07-18-1
Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.
local
apple
4.4
2016-07-22 CVE-2016-4638 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
network
apple CWE-264
critical
9.3
2016-07-22 CVE-2016-4637 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4635 Information Exposure vulnerability in Apple Iphone OS and mac OS X
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
network
apple CWE-200
3.5
2016-07-22 CVE-2016-4634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2016-07-22 CVE-2016-4633 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
apple CWE-264
6.9