Vulnerabilities > Apple > MAC OS X > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
network
low complexity
apple CWE-119
6.5
6.5
2016-09-25 CVE-2016-4713 Information Exposure vulnerability in Apple mac OS X
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
network
high complexity
apple CWE-200
5.3
5.3
2016-09-25 CVE-2016-4708 Information Exposure vulnerability in Apple products
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
network
low complexity
apple CWE-200
6.5
6.5
2016-09-25 CVE-2016-4707 Data Processing Errors vulnerability in Apple Iphone OS
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
local
low complexity
apple CWE-19
4.0
4.0
2016-09-25 CVE-2016-4706 Improper Input Validation vulnerability in Apple mac OS X
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
local
low complexity
apple CWE-20
5.5
5.5
2016-09-25 CVE-2016-4701 Improper Input Validation vulnerability in Apple mac OS X
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
local
low complexity
apple CWE-20
6.2
6.2
2016-07-22 CVE-2016-4652 Out-of-bounds Read vulnerability in Apple mac OS X
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
local
high complexity
apple CWE-125
6.3
6.3
2016-07-22 CVE-2016-4649 NULL Pointer Dereference vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
local
low complexity
apple CWE-476
5.5
5.5
2016-07-22 CVE-2016-4648 Information Exposure vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-200
5.5
5.5
2016-07-22 CVE-2016-4646 Information Exposure vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
network
low complexity
apple CWE-200
6.5
6.5