Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1774 Improper Access Control vulnerability in Apple mac OS X Server
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
network
low complexity
apple CWE-284
5.3
2016-03-24 CVE-2016-1772 Information Exposure vulnerability in Apple Safari
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
network
low complexity
apple CWE-200
4.3
2016-03-24 CVE-2016-1771 Data Processing Errors vulnerability in Apple Safari
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
network
low complexity
apple CWE-19
6.5
2016-03-24 CVE-2016-1770 Improper Access Control vulnerability in Apple mac OS X
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
network
low complexity
apple CWE-284
6.5
2016-03-24 CVE-2016-1764 Information Exposure vulnerability in Apple mac OS X
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
network
low complexity
apple CWE-200
4.3
2016-03-24 CVE-2016-1752 Improper Input Validation vulnerability in Apple products
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
local
low complexity
apple CWE-20
5.5
2016-03-24 CVE-2016-1745 Unspecified vulnerability in Apple mac OS X
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
local
low complexity
apple
5.5
2016-03-24 CVE-2016-1737 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
network
low complexity
apple CWE-119
6.3
2016-03-24 CVE-2016-1734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
low complexity
apple CWE-119
6.8
2016-03-24 CVE-2016-1732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-119
5.5