Vulnerabilities > Apple > MAC OS X > 10.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-20 | CVE-2012-3723 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. | 4.6 |
| 2012-09-20 | CVE-2012-3722 | Resource Management Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 6.8 |
| 2012-09-20 | CVE-2012-3721 | Improper Authentication vulnerability in Apple mac OS X Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | 5.0 |
| 2012-09-20 | CVE-2012-3720 | Credentials Management vulnerability in Apple mac OS X Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. | 4.3 |
| 2012-09-20 | CVE-2012-3719 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. | 6.8 |
| 2012-09-20 | CVE-2012-3718 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | 2.1 |
| 2012-09-20 | CVE-2012-0650 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 7.5 |
| 2012-07-03 | CVE-2012-1148 | Resource Management Errors vulnerability in multiple products Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | 5.0 |
| 2012-05-11 | CVE-2012-0675 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | 4.3 |
| 2012-05-11 | CVE-2012-0662 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | 7.5 |