Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-25 | CVE-2016-4758 | Information Exposure vulnerability in Apple Safari: WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | 6.5 |
2016-09-25 | CVE-2016-4755 | Information Exposure vulnerability in Apple Mac OS X: Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | 5.5 |
2016-09-25 | CVE-2016-4752 | Information Exposure vulnerability in Apple Mac OS X: The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. | 5.5 |
2016-09-25 | CVE-2016-4748 | 7PK - Security Features vulnerability in Apple Mac OS X: Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | 5.3 |
2016-09-25 | CVE-2016-4745 | Information Exposure vulnerability in Apple Mac OS X: The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | 5.3 |
2016-09-25 | CVE-2016-4742 | Information Exposure vulnerability in Apple Mac OS X: NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | 5.5 |
2016-09-25 | CVE-2016-4722 | Improper Input Validation vulnerability in Apple iPhone OS: The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | 5.9 |
2016-09-25 | CVE-2016-4718 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products: Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. | 6.5 |
2016-09-25 | CVE-2016-4713 | Information Exposure vulnerability in Apple Mac OS X: CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | 5.3 |
2016-09-25 | CVE-2016-4708 | Information Exposure vulnerability in Apple products: CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. | 6.5 |