Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-07-03 | CVE-2012-1147 | Improper Input Validation vulnerability in multiple products readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | 4.3 |
| 2012-05-16 | CVE-2011-3102 | Numeric Errors vulnerability in Google Chrome Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | 6.8 |
| 2012-05-11 | CVE-2012-0676 | Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | 5.0 |
| 2012-05-11 | CVE-2012-0675 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | 4.3 |
| 2012-05-11 | CVE-2012-0661 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | 6.8 |
| 2012-05-11 | CVE-2012-0660 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | 6.8 |
| 2012-05-11 | CVE-2012-0659 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | 6.8 |
| 2012-05-11 | CVE-2012-0658 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. | 6.8 |
| 2012-05-11 | CVE-2012-0656 | Race Condition vulnerability in Apple mac OS X Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. | 6.9 |
| 2012-05-11 | CVE-2012-0655 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. | 6.4 |