Vulnerabilities > Apple > MAC OS X > 10.8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-03-15 | CVE-2013-0967 | Security Bypass vulnerability in Apple Mac OS X CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. network apple | 4.3 |
2013-03-15 | CVE-2013-0966 | Authentication Bypass vulnerability in Apple Mac OS X The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | 6.4 |
2013-03-05 | CVE-2013-1775 | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. | 6.9 |
2012-09-20 | CVE-2012-3720 | Credentials Management vulnerability in Apple mac OS X Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. | 4.3 |
2012-09-20 | CVE-2012-3718 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | 2.1 |
2012-07-03 | CVE-2012-1148 | Resource Management Errors vulnerability in multiple products Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | 5.0 |
2012-03-30 | CVE-2011-3058 | Cross-Site Scripting vulnerability in Google Chrome Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
2011-06-30 | CVE-2009-5078 | 7PK - Security Features vulnerability in multiple products contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | 6.4 |