Search Results

Search Parameters:
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
There are 1,926 matching records.
Displaying matches 1,721 through 1,740.
Vuln ID | Summary | CVSS Severity
CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-5186

Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-5185

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5184

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 5.7 MEDIUM
CVE-2013-5183

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2013-5182

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5181

The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5180

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5179

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-5178

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.

Published: October 23, 2013; 11:48:52 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5177

The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-5176

The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-5175

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2013-5174

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-5173

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-5172

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2013-5171

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2013-5170

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5169

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-5168

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM