Vulnerabilities > Apple > MAC OS X

DATE CVE VULNERABILITY TITLE RISK
2012-08-06 CVE-2012-4142 Cross-Site Scripting vulnerability in Opera Browser
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
4.3
2012-07-03 CVE-2012-1148 Resource Management Errors vulnerability in multiple products
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
network
low complexity
libexpat-project apple CWE-399
5.0
2012-07-03 CVE-2012-1147 Improper Input Validation vulnerability in multiple products
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
4.3
2012-06-20 CVE-2012-2493 Improper Input Validation vulnerability in Cisco AnyConnect Secure Mobility Client
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
network
cisco microsoft apple linux CWE-20
critical
9.3
2012-06-14 CVE-2012-3559 Unspecified vulnerability in Opera Browser
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
network
low complexity
opera apple
critical
10.0
2012-05-11 CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
network
low complexity
php fedoraproject debian hp opensuse suse apple redhat
critical
9.8
2012-05-11 CVE-2012-0675 Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
network
apple CWE-287
4.3
2012-05-11 CVE-2012-0662 Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
network
low complexity
apple CWE-189
7.5
2012-05-11 CVE-2012-0661 Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
network
apple CWE-399
6.8
2012-05-11 CVE-2012-0660 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
network
apple CWE-119
6.8