Vulnerabilities > Apple > MAC OS X > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-30 | CVE-2010-1787 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. | 9.3 |
| 2010-07-30 | CVE-2010-1786 | Resource Management Errors vulnerability in Apple Safari and Webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. | 9.3 |
| 2010-07-30 | CVE-2010-1785 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | 9.3 |
| 2010-07-30 | CVE-2010-1784 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
| 2010-07-30 | CVE-2010-1783 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
| 2010-07-30 | CVE-2010-1782 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. | 9.3 |
| 2010-07-30 | CVE-2010-1780 | Resource Management Errors vulnerability in Apple Safari and Webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. | 9.3 |
| 2010-07-30 | CVE-2010-1777 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. | 9.3 |
| 2010-07-28 | CVE-2010-0211 | Unchecked Return Value vulnerability in multiple products The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | 9.8 |
| 2010-07-08 | CVE-2010-2666 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. | 9.3 |