Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 84 of 157
CVE-2016-1758 | LOW | CVSS 3.3 | CWE-119 | PoC | ≤ 10.11.3 | 2016-03-24
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
nvd
CVE-2016-1748 | LOW | CVSS 3.3 | CWE-200 | fixed in 10.11.4 | 2016-03-24
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
nvd
CVE-2016-1773 | LOW | CVSS 3.3 | CWE-264 | ≤ 10.11.3 | 2016-03-24
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
nvd
CVE-2016-1950 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.11.3 | 2016-03-13
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
nvd
CVE-2016-0801 | CRITICAL | CVSS 9.8 | CWE-20 | PoC | ≤ 10.11.3 | 2016-02-07
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
nvd
CVE-2016-0802 | HIGH | CVSS 8.8 | CWE-20 | ≤ 10.11.3 | 2016-02-07
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
nvd
CVE-2016-1718 | HIGH | CVSS 7.3 | CWE-119 | ≤ 10.11.2 | 2016-02-01
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1717 | HIGH | CVSS 7.8 | CWE-119 | fixed in 10.11.3 | 2016-02-01
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1719 | HIGH | CVSS 7.8 | CWE-119 | PoC | ≤ 10.11.2 | 2016-02-01
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1720 | HIGH | CVSS 7.8 | CWE-119 | PoC | fixed in 10.11.3 | 2016-02-01
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1729 | HIGH | CVSS 7.3 | ≤ 10.11.2 | 2016-02-01
Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.
nvd
CVE-2016-1722 | HIGH | CVSS 7.8 | CWE-119 | fixed in 10.11.3 | 2016-02-01
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1721 | HIGH | CVSS 7.8 | CWE-119 | PoC | fixed in 10.11.3 | 2016-02-01
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1716 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.2 | 2016-02-01
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-8472 | HIGH | CVSS 7.3 | ≤ 10.11.3 | 2016-01-21
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG i
nvd
CVE-2016-0778 | HIGH | CVSS 8.1 | CWE-119 | ≥ 10.9.0, ≤ 10.9.5; ≥ 10.10.0, ≤ 10.10.5; +1 more | 2016-01-14
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified othe
nvd
CVE-2016-0777 | MEDIUM | CVSS 6.5 | CWE-200 | ≤ 10.11.3 | 2016-01-14
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
nvd
CVE-2015-8659 | CRITICAL | CVSS 10.0 | CWE-119 | ≤ 10.11.3 | 2016-01-12
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
nvd
CVE-2015-6980 | HIGH | CVSS 7.8 | CWE-264 | ≤ 10.11.0 | 2016-01-11
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
nvd
CVE-2015-7024 | MEDIUM | CVSS 6.7 | ≤ 10.11.0 | 2016-01-11
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.
nvd