Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4725 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
5.8
2016-09-25 CVE-2016-4718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
network
apple CWE-119
4.3
2016-09-25 CVE-2016-4717 Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-09-20
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
network
low complexity
apple
5.0
2016-09-25 CVE-2016-4715 Information Exposure vulnerability in Apple mac OS X
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
network
apple CWE-200
4.3
2016-09-25 CVE-2016-4713 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
network
apple CWE-264
4.3
2016-09-25 CVE-2016-4711 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
network
low complexity
apple CWE-20
5.0
2016-09-25 CVE-2016-4708 Information Exposure vulnerability in Apple products
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
network
apple CWE-200
4.3
2016-09-25 CVE-2016-4706 Improper Input Validation vulnerability in Apple mac OS X
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
local
low complexity
apple CWE-20
4.9
2016-09-25 CVE-2016-4618 Cross-site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
apple CWE-79
4.3
2016-09-25 CVE-2016-4611 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
network
apple CWE-119
6.8