Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5189 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security… |
| CVE-2013-5188 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the… |
| CVE-2013-5187 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading… |
| CVE-2013-5186 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. |
| CVE-2013-5185 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. |
| CVE-2013-5184 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. |
| CVE-2013-5183 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2013-5182 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. |
| CVE-2013-5181 | | | 0.00 | — | 0.02 | | Oct 24, 2013 | The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2013-5180 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection… |
| CVE-2013-5179 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. |
| CVE-2013-5178 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. |
| CVE-2013-5177 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. |
| CVE-2013-5176 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. |
| CVE-2013-5175 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. |
| CVE-2013-5174 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. |
| CVE-2013-5173 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. |
| CVE-2013-5172 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. |
| CVE-2013-5171 | | | 0.00 | — | 0.00 | | Oct 24, 2013 | CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. |
| CVE-2013-5170 | | | 0.00 | — | 0.02 | | Oct 24, 2013 | Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. |