Vulnerabilities > Apple > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-16 | CVE-2012-0265 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file. | 9.3 |
| 2012-05-11 | CVE-2012-1823 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | 9.8 |
| 2012-05-04 | CVE-2012-0779 | Object Type Confusion Remote Code Execution vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. | 9.3 |
| 2012-05-01 | CVE-2011-3081 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078. | 9.3 |
| 2012-03-09 | CVE-2011-3046 | Cross-Site Scripting vulnerability in Google Chrome The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | 10.0 |
| 2012-03-08 | CVE-2012-0646 | USE of Externally-Controlled Format String vulnerability in Apple Iphone OS Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | 9.3 |
| 2012-03-08 | CVE-2012-0643 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. | 9.3 |
| 2012-03-08 | CVE-2012-0642 | Numeric Errors vulnerability in Apple Iphone OS Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. | 9.3 |
| 2012-03-08 | CVE-2012-0635 | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
| 2012-03-08 | CVE-2012-0633 | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |