Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-0662 |
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. Published: May 10, 2012; 11:49:59 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-0660 |
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Published: May 10, 2012; 11:49:59 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-0659 |
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Published: May 10, 2012; 11:49:59 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-0658 |
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. Published: May 10, 2012; 11:49:59 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-0657 |
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. Published: May 10, 2012; 11:49:59 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-0655 |
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. Published: May 10, 2012; 11:49:58 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-0654 |
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. Published: May 10, 2012; 11:49:58 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-0649 |
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Published: May 10, 2012; 11:49:58 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2012-0777 |
The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: April 10, 2012; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-3058 |
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. Published: March 30, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0773 |
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: March 28, 2012; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-1929 |
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area. Published: March 27, 2012; 11:22:10 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-0769 |
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. Published: March 05, 2012; 4:55:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0768 |
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: March 05, 2012; 4:55:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0767 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. Published: February 16, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0756 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755. Published: February 16, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0755 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756. Published: February 16, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0754 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: February 16, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0753 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data. Published: February 16, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0752 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion." Published: February 16, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |