Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4759 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
6.8
2016-09-25 CVE-2016-4758 Information Exposure vulnerability in Apple Iphone OS, Itunes and Safari
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
4.3
2016-09-25 CVE-2016-4754 Cryptographic Issues vulnerability in Apple OS X Server
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
apple CWE-310
5.0
2016-09-25 CVE-2016-4752 Information Exposure vulnerability in Apple mac OS X
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
network
apple CWE-200
4.3
2016-09-25 CVE-2016-4751 7PK - Security Features vulnerability in Apple Safari
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.
network
apple CWE-254
4.3
2016-09-25 CVE-2016-4748 7PK - Security Features vulnerability in Apple mac OS X
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
local
low complexity
apple CWE-254
4.6
2016-09-25 CVE-2016-4745 Information Exposure vulnerability in Apple mac OS X
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
network
low complexity
apple CWE-200
5.0
2016-09-25 CVE-2016-4742 Information Exposure vulnerability in Apple mac OS X
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
network
apple CWE-200
4.3
2016-09-25 CVE-2016-4739 Information Exposure vulnerability in Apple mac OS X
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
network
apple CWE-200
4.3
2016-09-25 CVE-2016-4728 Improper Input Validation vulnerability in Apple products
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
6.8