Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4597 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4596 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
network
apple CWE-20
6.8
2016-07-22 CVE-2016-4590 Improper Input Validation vulnerability in Apple Safari and Webkit
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
apple CWE-20
4.3
2016-07-22 CVE-2016-4589 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4588 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4587 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.
network
apple CWE-119
4.3
2016-07-22 CVE-2016-4586 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and Tvos
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4585 Cross-site Scripting vulnerability in Apple Webkit
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
network
apple CWE-79
4.3
2016-07-22 CVE-2016-4584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
6.8