Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2016-1780 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | 4.3 |
| 2016-03-24 | CVE-2016-1779 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | 6.5 |
| 2016-03-24 | CVE-2016-1776 | Improper Access Control vulnerability in Apple mac OS X Server Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | 5.3 |
| 2016-03-24 | CVE-2016-1774 | Improper Access Control vulnerability in Apple mac OS X Server The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | 5.3 |
| 2016-03-24 | CVE-2016-1772 | Information Exposure vulnerability in Apple Safari The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | 4.3 |
| 2016-03-24 | CVE-2016-1771 | Data Processing Errors vulnerability in Apple Safari The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | 6.5 |
| 2016-03-24 | CVE-2016-1770 | Improper Access Control vulnerability in Apple mac OS X The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | 6.5 |
| 2016-03-24 | CVE-2016-1764 | Information Exposure vulnerability in Apple mac OS X The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | 4.3 |
| 2016-03-24 | CVE-2016-1752 | Improper Input Validation vulnerability in Apple products The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | 5.5 |
| 2016-03-24 | CVE-2016-1745 | Unspecified vulnerability in Apple mac OS X IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 5.5 |