The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.