Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---|
2012-08-25 | CVE-2012-4672 | Improper Input Validation vulnerability in Apple iChat Server: Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | 5.8 |
2012-08-22 | CVE-2012-0681 | Cryptographic Issues vulnerability in Apple Remote Desktop 3.5.2/3.5.3/3.6.0: Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. | 4.3 |
2012-08-21 | CVE-2012-4168 | Information Exposure vulnerability in Adobe AIR, AIR SDK and Flash Player: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. | 4.3 |
2012-08-06 | CVE-2012-4144 | Cross-Site Scripting vulnerability in Opera Browser: Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. | 4.3 |
2012-08-06 | CVE-2012-4143 | Code Injection vulnerability in Opera Browser: Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | 6.8 |
2012-08-06 | CVE-2012-4142 | Cross-Site Scripting vulnerability in Opera Browser: Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | 4.3 |
2012-07-31 | CVE-2012-2647 | Information Exposure vulnerability in Yahoo Toolbar 1.0.0.5: Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. | 5.8 |
2012-07-26 | CVE-2012-3698 | Permissions, Privileges, and Access Controls vulnerability in Apple Xcode: Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. | 5.0 |
2012-07-25 | CVE-2012-3696 | Improper Input Validation vulnerability in Apple Safari: CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | 4.3 |
2012-07-25 | CVE-2012-3695 | Cross-Site Scripting vulnerability in Apple Safari: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | 4.3 |