Vulnerabilities > Apple > MAC OS X > 10.7.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-05-11 | CVE-2012-0655 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. | 6.4 |
2012-05-11 | CVE-2012-0654 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. | 6.8 |
2012-05-11 | CVE-2012-0652 | Information Exposure vulnerability in Apple mac OS X 10.7.3 Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. | 4.9 |
2012-05-11 | CVE-2012-0649 | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | 6.9 |
2012-03-30 | CVE-2011-3058 | Cross-Site Scripting vulnerability in Google Chrome Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
2012-02-16 | CVE-2011-3026 | Integer Overflow OR Wraparound vulnerability in Google Chrome Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | 6.8 |
2011-06-30 | CVE-2009-5078 | 7PK - Security Features vulnerability in multiple products contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | 6.4 |