Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
There are 1,963 matching records.
Displaying matches 1,741 through 1,760.
Vuln ID Summary CVSS Severity
CVE-2013-5167

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

Published: October 23, 2013; 11:48:49 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5166

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-5165

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2013-5135

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-5163

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.

Published: October 04, 2013; 6:44:07 AM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

Published: September 19, 2013; 6:27:53 AM -0400
V3.x:(not available)
V2.0: 6.1 MEDIUM
CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Published: September 16, 2013; 9:02:34 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1033

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2013-1032

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1031

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2013-1030

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-1029

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-1028

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-1027

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1026

Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

Published: September 16, 2013; 9:02:32 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1025

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

Published: September 16, 2013; 9:02:29 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2013-1024

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0990

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-0985

Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW