VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2013-5189 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security…

  • CVE-2013-5188 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the…

  • CVE-2013-5187 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading…

  • CVE-2013-5186 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

  • CVE-2013-5185 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.

  • CVE-2013-5184 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.

  • CVE-2013-5183 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2013-5182 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

  • CVE-2013-5181 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.02

    The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2013-5180 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection…

  • CVE-2013-5179 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.

  • CVE-2013-5178 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.

  • CVE-2013-5177 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.

  • CVE-2013-5176 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.

  • CVE-2013-5175 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.

  • CVE-2013-5174 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.

  • CVE-2013-5173 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

  • CVE-2013-5172 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.01

    The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

  • CVE-2013-5171 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.00

    CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.

  • CVE-2013-5170 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.02

    Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
