The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
Base Score: 2.1
Impact Score: 2.9
Exploitability Score: 3.9
Base Score: 3.3
Impact Score: 1.4
Exploitability Score: 1.8
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.3 (inclusive)
|802018||Mac OS X < 10.11.4 Multiple Vulnerabilities||Log Correlation Engine||Operating System Detection|
|9327||Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities||Nessus Network Monitor||Operating System Detection|
|90096||Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities||Nessus||MacOS X Local Security Checks|