Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.0.0
There are 3,209 matching records.
Displaying matches 2,681 through 2,700.
Vuln ID Summary CVSS Severity
CVE-2013-5173

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-5172

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2013-5171

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2013-5170

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5169

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-5168

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5167

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5166

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-5165

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2013-5135

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-5163

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.

Published: October 04, 2013; 6:44:07 AM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2013-1130

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

Published: September 20, 2013; 12:55:07 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

Published: September 19, 2013; 6:27:53 AM -0400
V3.x:(not available)
V2.0: 6.1 MEDIUM
CVE-2013-1729

The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.

Published: September 18, 2013; 6:08:24 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Published: September 16, 2013; 9:02:34 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1033

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2013-1032

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1031

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2013-1030

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-1029

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM