Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-20 | CVE-2016-1854 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857. | 6.8 |
| 2016-05-20 | CVE-2016-1853 | Information Exposure vulnerability in Apple mac OS X Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. | 5.0 |
| 2016-05-20 | CVE-2016-1850 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | 6.8 |
| 2016-05-20 | CVE-2016-1848 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | 6.8 |
| 2016-05-20 | CVE-2016-1847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 6.8 |
| 2016-05-20 | CVE-2016-1844 | Improper Access Control vulnerability in Apple mac OS X The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | 5.0 |
| 2016-05-20 | CVE-2016-1843 | Improper Input Validation vulnerability in Apple mac OS X The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2016-05-20 | CVE-2016-1842 | Improper Access Control vulnerability in Apple Iphone OS, mac OS X and Watchos MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | 5.0 |
| 2016-05-20 | CVE-2016-1840 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | 6.8 |
| 2016-05-20 | CVE-2016-1839 | Out-of-bounds Read vulnerability in multiple products The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | 4.3 |