Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1854 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-05-20 CVE-2016-1853 Information Exposure vulnerability in Apple mac OS X
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
network
low complexity
apple CWE-200
7.5
2016-05-20 CVE-2016-1852 Information Exposure vulnerability in Apple Iphone OS
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
low complexity
apple CWE-200
2.4
2016-05-20 CVE-2016-1851 Unspecified vulnerability in Apple mac OS X
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
low complexity
apple
4.6
2016-05-20 CVE-2016-1850 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1849 Information Exposure vulnerability in Apple Safari
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
local
low complexity
apple CWE-200
3.3
2016-05-20 CVE-2016-1848 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1847 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple CWE-119
8.8
2016-05-20 CVE-2016-1846 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1844 Improper Access Control vulnerability in Apple mac OS X
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.
network
low complexity
apple CWE-284
5.3