Vulnerabilities > Apple > MAC OS X > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-20 | CVE-2016-4679 | Link Following vulnerability in Apple products An issue was discovered in certain Apple products. | 5.5 |
| 2017-02-20 | CVE-2016-4663 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.5 |
| 2017-02-20 | CVE-2016-4661 | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.5 |
| 2016-09-25 | CVE-2016-4771 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. | 5.5 |
| 2016-09-25 | CVE-2016-4755 | Information Exposure vulnerability in Apple mac OS X Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | 5.5 |
| 2016-09-25 | CVE-2016-4752 | Information Exposure vulnerability in Apple mac OS X The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. | 5.5 |
| 2016-09-25 | CVE-2016-4748 | 7PK - Security Features vulnerability in Apple mac OS X Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | 5.3 |
| 2016-09-25 | CVE-2016-4745 | Information Exposure vulnerability in Apple mac OS X The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | 5.3 |
| 2016-09-25 | CVE-2016-4742 | Information Exposure vulnerability in Apple mac OS X NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | 5.5 |
| 2016-09-25 | CVE-2016-4722 | Improper Input Validation vulnerability in Apple Iphone OS The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | 5.9 |