Skip to main content
CVE-2016-4652 MEDIUM This Month

CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read),. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Information Disclosure Apple Buffer Overflow Mac Os X
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2016-4585 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Webkit
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-6204 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Sinema Remote Connect Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4651 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Iphone Os Safari
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4590 MEDIUM This Month

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Webkit
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2016-1865 MEDIUM This Month

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Null Pointer Dereference Iphone Os Mac Os X +2
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4649 MEDIUM This Month

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Null Pointer Dereference Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4648 MEDIUM This Month

Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Information Disclosure Buffer Overflow Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4628 MEDIUM This Month

IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Apple Buffer Overflow Iphone Os +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4604 MEDIUM This Month

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect Safari
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-4635 MEDIUM This Month

FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-4595 MEDIUM This Month

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-4603 MEDIUM This Month

Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-8946 LOW Monitor

ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Linux Ecryptfs Utils
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-6224 LOW Monitor

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecryptfs Utils Ubuntu Linux
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-4645 LOW Monitor

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-4583 LOW Monitor

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Authentication Bypass Webkit Webkitgtk
NVD
CVSS 3.0
3.1
EPSS
0.4%
CVE-2016-4593 LOW Monitor

The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 3.0
2.4
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy