Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-18 | CVE-2016-4719 | Information Exposure vulnerability in Apple Iphone OS and Watchos The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. | 5.5 |
| 2016-09-06 | CVE-2016-7153 | Information Exposure vulnerability in multiple products The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | 5.3 |
| 2016-09-06 | CVE-2016-7152 | Information Exposure vulnerability in multiple products The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | 5.3 |
| 2016-08-25 | CVE-2016-4655 | Unspecified vulnerability in Apple Iphone OS The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | 5.5 |
| 2016-07-22 | CVE-2016-4652 | Out-of-bounds Read vulnerability in Apple mac OS X CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | 6.3 |
| 2016-07-22 | CVE-2016-4651 | Cross-site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. | 6.1 |
| 2016-07-22 | CVE-2016-4649 | NULL Pointer Dereference vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 5.5 |
| 2016-07-22 | CVE-2016-4648 | Information Exposure vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.5 |
| 2016-07-22 | CVE-2016-4646 | Information Exposure vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | 6.5 |
| 2016-07-22 | CVE-2016-4635 | Information Exposure vulnerability in Apple Iphone OS FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | 5.3 |