Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3559 2 Apple, Opera 2 Mac Os X, Opera Browser 2012-08-08 10.0 HIGH N/A
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
CVE-2012-0678 1 Apple 1 Safari 2012-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
CVE-2012-4145 4 Apple, Linux, Microsoft and 1 more 4 Mac Os X, Linux Kernel, Windows and 1 more 2012-08-06 10.0 HIGH N/A
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
CVE-2012-4142 4 Apple, Linux, Microsoft and 1 more 4 Mac Os X, Linux Kernel, Windows and 1 more 2012-08-06 4.3 MEDIUM N/A
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
CVE-2012-4143 4 Apple, Linux, Microsoft and 1 more 4 Mac Os X, Linux Kernel, Windows and 1 more 2012-08-06 6.8 MEDIUM N/A
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.
CVE-2012-4144 4 Apple, Linux, Microsoft and 1 more 4 Mac Os X, Linux Kernel, Windows and 1 more 2012-08-06 4.3 MEDIUM N/A
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.
CVE-2008-7296 1 Apple 1 Safari 2012-08-01 5.8 MEDIUM N/A
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2012-2647 3 Apple, Google, Yahoo 3 Safari, Chrome, Toolbar 2012-07-31 5.8 MEDIUM N/A
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
CVE-2012-3698 1 Apple 1 Xcode 2012-07-30 5.0 MEDIUM N/A
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.
CVE-2012-0679 1 Apple 1 Safari 2012-07-29 4.3 MEDIUM N/A
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.
CVE-2012-3689 1 Apple 1 Safari 2012-07-29 5.8 MEDIUM N/A
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2012-3697 1 Apple 1 Safari 2012-07-29 7.1 HIGH N/A
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
CVE-2012-3690 1 Apple 1 Safari 2012-07-26 4.3 MEDIUM N/A
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.
CVE-2012-2827 2 Apple, Google 2 Mac Os X, Chrome 2012-06-28 7.5 HIGH N/A
Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-2493 4 Apple, Cisco, Linux and 1 more 4 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel and 1 more 2012-06-20 9.3 HIGH N/A
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
CVE-2012-0657 1 Apple 2 Mac Os X, Mac Os X Server 2012-05-29 2.1 LOW N/A
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
CVE-2012-0658 1 Apple 2 Mac Os X, Mac Os X Server 2012-05-29 6.8 MEDIUM N/A
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
CVE-2012-0659 1 Apple 2 Mac Os X, Mac Os X Server 2012-05-29 6.8 MEDIUM N/A
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
CVE-2012-0660 1 Apple 2 Mac Os X, Mac Os X Server 2012-05-29 6.8 MEDIUM N/A
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
CVE-2012-0662 1 Apple 2 Mac Os X, Mac Os X Server 2012-05-29 7.5 HIGH N/A
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.