html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
Max CVSS
4.3
EPSS Score
0.15%
Published
2012-11-15
Updated
2017-08-29
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Max CVSS
7.2
EPSS Score
0.11%
Published
2012-11-20
Updated
2023-02-13
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Max CVSS
6.8
EPSS Score
5.21%
Published
2012-11-28
Updated
2017-08-29
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.41%
Published
2012-10-11
Updated
2017-09-19
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
Max CVSS
5.8
EPSS Score
0.17%
Published
2012-08-25
Updated
2017-08-29
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.
Max CVSS
9.3
EPSS Score
2.61%
Published
2012-11-09
Updated
2017-09-19
Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
Max CVSS
9.3
EPSS Score
2.09%
Published
2012-11-09
Updated
2017-09-19
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.
Max CVSS
9.3
EPSS Score
1.97%
Published
2012-11-09
Updated
2017-09-19
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
Max CVSS
9.3
EPSS Score
83.21%
Published
2012-11-09
Updated
2017-09-19
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
9.3
EPSS Score
4.90%
Published
2012-11-09
Updated
2017-09-19

CVE-2012-3753

Public exploit
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
Max CVSS
9.3
EPSS Score
97.02%
Published
2012-11-09
Updated
2017-09-19

CVE-2012-3752

Public exploit
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
Max CVSS
9.3
EPSS Score
97.00%
Published
2012-11-09
Updated
2017-09-19
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element.
Max CVSS
9.3
EPSS Score
4.90%
Published
2012-11-09
Updated
2017-09-19
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
Max CVSS
3.6
EPSS Score
0.06%
Published
2012-11-03
Updated
2017-08-29
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
Max CVSS
5.0
EPSS Score
0.55%
Published
2012-11-03
Updated
2013-08-17
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
Max CVSS
5.1
EPSS Score
13.63%
Published
2012-11-03
Updated
2013-09-18
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Max CVSS
6.8
EPSS Score
0.99%
Published
2012-09-20
Updated
2017-08-29
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
Max CVSS
4.3
EPSS Score
0.15%
Published
2012-09-20
Updated
2017-08-29
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
Max CVSS
5.0
EPSS Score
0.58%
Published
2012-09-20
Updated
2017-08-29
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.
Max CVSS
5.0
EPSS Score
0.38%
Published
2012-09-20
Updated
2017-08-29
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
Max CVSS
5.0
EPSS Score
0.33%
Published
2012-09-20
Updated
2017-08-29
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.
Max CVSS
5.0
EPSS Score
0.35%
Published
2012-09-20
Updated
2017-08-29
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-09-20
Updated
2012-09-21
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-09-20
Updated
2012-09-21
355 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!