Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.1.5
There are 3,178 matching records.
Displaying matches 2,801 through 2,820.
Vuln ID Summary CVSS Severity
CVE-2012-2847

Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site.

Published: August 06, 2012; 11:55:01 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Published: July 03, 2012; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-2827

Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: June 27, 2012; 6:18:39 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Published: June 20, 2012; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-3559

Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."

Published: June 14, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-0660

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0658

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.

Published: May 10, 2012; 11:49:58 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-0654

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

Published: May 10, 2012; 11:49:58 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0649

Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

Published: May 10, 2012; 11:49:58 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2012-0777

The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: April 10, 2012; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: March 30, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0773

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: March 28, 2012; 3:55:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-1929

Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.

Published: March 27, 2012; 11:22:10 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-0769

Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.

Published: March 05, 2012; 4:55:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0768

The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: March 05, 2012; 4:55:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH