Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-6712 | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. Published: November 27, 2013; 11:37:39 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-5192 | The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |
CVE-2013-5191 | The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2013-5190 | Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-5189 | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2013-5188 | The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 4.0 MEDIUM |
CVE-2013-5187 | The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2013-5186 | Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2013-5185 | The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-5184 | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 5.7 MEDIUM |
CVE-2013-5183 | Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 2.6 LOW |
CVE-2013-5182 | Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-5181 | The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-5180 | The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-5179 | App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-5178 | LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. Published: October 23, 2013; 11:48:52 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-5177 | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. Published: October 23, 2013; 11:48:49 PM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |
CVE-2013-5176 | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. Published: October 23, 2013; 11:48:49 PM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |
CVE-2013-5175 | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. Published: October 23, 2013; 11:48:49 PM -0400 | V3.x: (not available) V2.0: 6.6 MEDIUM |
CVE-2013-5174 | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Published: October 23, 2013; 11:48:49 PM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |