VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2013-5169Oct 24, 2013
    risk 0.00cvss epss 0.00

    CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

  • CVE-2013-5168Oct 24, 2013
    risk 0.00cvss epss 0.02

    Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.

  • CVE-2013-5167Oct 24, 2013
    risk 0.00cvss epss 0.01

    CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

  • CVE-2013-5166Oct 24, 2013
    risk 0.00cvss epss 0.00

    The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.

  • CVE-2013-5165Oct 24, 2013
    risk 0.00cvss epss 0.02

    socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.

  • CVE-2013-5163Oct 4, 2013
    risk 0.00cvss epss 0.00

    Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.

  • CVE-2011-2391Sep 19, 2013
    risk 0.00cvss epss 0.01

    The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

  • CVE-2013-1824Sep 16, 2013
    risk 0.00cvss epss 0.04

    The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the…

  • CVE-2013-1033Sep 16, 2013
    risk 0.00cvss epss 0.02

    Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

  • CVE-2013-1032Sep 16, 2013
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

  • CVE-2013-1031Sep 16, 2013
    risk 0.00cvss epss 0.00

    Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had…

  • CVE-2013-1030Sep 16, 2013
    risk 0.00cvss epss 0.00

    mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2013-1029Sep 16, 2013
    risk 0.00cvss epss 0.01

    The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

  • CVE-2013-1028Sep 16, 2013
    risk 0.00cvss epss 0.01

    The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

  • CVE-2013-1027Sep 16, 2013
    risk 0.00cvss epss 0.02

    Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.

  • CVE-2013-1026Sep 16, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

  • CVE-2013-1025Sep 16, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

  • CVE-2013-3954Jun 5, 2013
    risk 0.00cvss epss 0.00

    The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2)…

  • CVE-2013-3953Jun 5, 2013
    risk 0.00cvss epss 0.00

    The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

  • CVE-2013-3952Jun 5, 2013
    risk 0.00cvss epss 0.00

    The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.

Page 67 of 105