Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2013-5169 | 0.00 | — | 0.00 | Oct 24, 2013 | CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. |
| CVE-2013-5168 | 0.00 | — | 0.02 | Oct 24, 2013 | Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. |
| CVE-2013-5167 | 0.00 | — | 0.01 | Oct 24, 2013 | CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. |
| CVE-2013-5166 | 0.00 | — | 0.00 | Oct 24, 2013 | The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. |
| CVE-2013-5165 | 0.00 | — | 0.02 | Oct 24, 2013 | socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. |
| CVE-2013-5163 | 0.00 | — | 0.00 | Oct 4, 2013 | Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. |
| CVE-2011-2391 | 0.00 | — | 0.01 | Sep 19, 2013 | The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. |
| CVE-2013-1824 | 0.00 | — | 0.04 | Sep 16, 2013 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the… |
| CVE-2013-1033 | 0.00 | — | 0.02 | Sep 16, 2013 | Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. |
| CVE-2013-1032 | 0.00 | — | 0.03 | Sep 16, 2013 | QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. |
| CVE-2013-1031 | 0.00 | — | 0.00 | Sep 16, 2013 | Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had… |
| CVE-2013-1030 | 0.00 | — | 0.00 | Sep 16, 2013 | mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. |
| CVE-2013-1029 | 0.00 | — | 0.01 | Sep 16, 2013 | The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. |
| CVE-2013-1028 | 0.00 | — | 0.01 | Sep 16, 2013 | The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. |
| CVE-2013-1027 | 0.00 | — | 0.02 | Sep 16, 2013 | Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. |
| CVE-2013-1026 | 0.00 | — | 0.03 | Sep 16, 2013 | Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
| CVE-2013-1025 | 0.00 | — | 0.03 | Sep 16, 2013 | Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
| CVE-2013-3954 | 0.00 | — | 0.00 | Jun 5, 2013 | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2)… |
| CVE-2013-3953 | 0.00 | — | 0.00 | Jun 5, 2013 | The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. |
| CVE-2013-3952 | 0.00 | — | 0.00 | Jun 5, 2013 | The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. |
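The descriptions above encode their affected ranges in three recurring phrases: "Mac OS X before X", "Mac OS X before X Supplemental Update" and "Mac OS X X.Y.x". The following script, an added example that is not part of this listing or of any vendor tool, parses rows in the table layout used here and decides whether a given installed version falls inside each range, comparing versions as integer tuples so that 10.10 is correctly treated as newer than 10.9. The sample rows are constructed from the table above with shortened descriptions. Two rules are the author's assumptions, not something the listing states: "before X" is taken as strictly less than X, and "before X Supplemental Update" as less than or equal to X (on the reading that X itself shipped without the fix). Rows whose description carries no Mac OS X version phrase, such as the bundled PHP entry, are reported as unknown rather than guessed.

```python
"""Triage a CVE table against an installed Mac OS X version (added example)."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample input in the pipe-delimited layout of the table above
# (descriptions shortened). The PHP row is included on purpose: its version
# phrase is not a Mac OS X version and must not be matched.
SAMPLE_ROWS = """\
| CVE-2013-5165 | 0.00 | — | 0.02 | Oct 24, 2013 | socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option. |
| CVE-2013-5163 | 0.00 | — | 0.00 | Oct 4, 2013 | Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication. |
| CVE-2013-3952 | 0.00 | — | 0.00 | Jun 5, 2013 | The fill_pipeinfo function in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism. |
| CVE-2013-1824 | 0.00 | — | 0.04 | Sep 16, 2013 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files. |
"""

# Only phrases anchored on "Mac OS X" count; "PHP before 5.3.22" is ignored.
BEFORE_RE = re.compile(r"Mac OS X before (\d+(?:\.\d+)+)( Supplemental Update)?")
SERIES_RE = re.compile(r"Mac OS X (\d+(?:\.\d+)+)\.x\b")


def parse_version(text: str) -> Version:
    """'10.8.5' -> (10, 8, 5). Tuples compare numerically, so (10, 10) > (10, 9),
    which a plain string comparison gets wrong."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_rows(table: str) -> List[Dict[str, str]]:
    """Split pipe-delimited rows into cve / risk / cvss / epss / published / description."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 6 or not cells[0].startswith("CVE-"):
            continue  # header, separator or malformed line
        cve, risk, cvss, epss, published = cells[:5]
        rows.append({"cve": cve, "risk": risk, "cvss": cvss, "epss": epss,
                     "published": published, "description": cells[5]})
    return rows


def affected(description: str, host: Version) -> Optional[bool]:
    """True/False when the description carries a Mac OS X version predicate, else None.

    Assumed rules (not stated by the listing):
      'before X'                     -> host <  X
      'before X Supplemental Update' -> host <= X   (X itself lacks the fix)
      'X.Y.x'                        -> host starts with (X, Y)
    """
    m = BEFORE_RE.search(description)
    if m:
        fixed = parse_version(m.group(1))
        return host <= fixed if m.group(2) else host < fixed
    m = SERIES_RE.search(description)
    if m:
        series = parse_version(m.group(1))
        return host[: len(series)] == series
    return None  # bundled component or other product: needs its own version check


def triage(table: str, host_version: str) -> Dict[str, Optional[bool]]:
    """Map each CVE in the table to affected / not affected / unknown for host_version."""
    host = parse_version(host_version)
    return {row["cve"]: affected(row["description"], host) for row in parse_rows(table)}


if __name__ == "__main__":
    # On a real host the version would come from `sw_vers -productVersion`.
    for ver in ("10.8.4", "10.8.5", "10.9", "10.10"):
        print(ver, triage(SAMPLE_ROWS, ver))
```

For 10.8.5 the script still flags CVE-2013-5163 because of the "Supplemental Update" rule, while the plain "before 10.8.5" entries clear; for 10.10 nothing is flagged, which is the case a lexical comparison would get wrong.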