Vulnerabilities > Apple > MAC OS X
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-30 | CVE-2010-1784 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
2010-07-30 | CVE-2010-1783 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
2010-07-30 | CVE-2010-1782 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. | 9.3 |
2010-07-30 | CVE-2010-1780 | Resource Management Errors vulnerability in Apple Safari and Webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. | 9.3 |
2010-07-30 | CVE-2010-1778 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 4.3 |
2010-07-30 | CVE-2010-1777 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. | 9.3 |
2010-07-28 | CVE-2010-0211 | Unchecked Return Value vulnerability in multiple products The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | 9.8 |
2010-07-08 | CVE-2010-2666 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. | 9.3 |
2010-07-08 | CVE-2010-2665 | Cross-Site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | 4.3 |
2010-07-08 | CVE-2010-2661 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | 4.3 |