Skip to main content
CVE-2016-4708 MEDIUM This Month

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
6.5
EPSS
4.2%
CVE-2016-4718 MEDIUM This Month

Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2016-4763 MEDIUM This Month

WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Microsoft Itunes Safari +1
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-5174 MEDIUM This Month

browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2016-5172 MEDIUM This Month

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Node Js Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2016-4758 MEDIUM This Month

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Microsoft Safari Iphone Os +1
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-4760 MEDIUM This Month

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass Itunes Safari +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-4722 MEDIUM This Month

The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Denial Of Service Iphone Os Mac Os X
NVD
CVSS 3.0
5.9
EPSS
3.3%
CVE-2016-4701 MEDIUM This Month

Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-4618 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-4752 MEDIUM This Month

The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4742 MEDIUM This Month

NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4771 MEDIUM This Month

The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-4706 MEDIUM This Month

cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-4755 MEDIUM This Month

Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-4745 MEDIUM This Month

The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-4713 MEDIUM This Month

CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-4748 MEDIUM This Month

Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-4707 MEDIUM This Month

CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 3.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy