WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read),. Rated medium severity (CVSS 6.3). No vendor patch available.
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.