Vendor CVEs
Apple Inc.
All CVEs
8,442 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1261 | 0.00 | — | 0.03 | Feb 27, 2014 | Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||
| CVE-2014-1260 | 0.00 | — | 0.02 | Feb 27, 2014 | QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. | |||
| CVE-2014-1259 | 0.00 | — | 0.02 | Feb 27, 2014 | Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. | |||
| CVE-2014-1258 | 0.00 | — | 0.02 | Feb 27, 2014 | Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | |||
| CVE-2014-1257 | 0.00 | — | 0.00 | Feb 27, 2014 | CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||
| CVE-2014-1256 | 0.00 | — | 0.01 | Feb 27, 2014 | Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||
| CVE-2014-1255 | 0.00 | — | 0.02 | Feb 27, 2014 | Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||
| CVE-2014-1254 | 0.00 | — | 0.02 | Feb 27, 2014 | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | |||
| CVE-2014-1251 | 0.00 | — | 0.04 | Feb 27, 2014 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file. | |||
| CVE-2014-1250 | 0.00 | — | 0.04 | Feb 27, 2014 | Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file. | |||
| CVE-2014-1249 | 0.00 | — | 0.04 | Feb 27, 2014 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image. | |||
| CVE-2014-1248 | 0.00 | — | 0.04 | Feb 27, 2014 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file. | |||
| CVE-2014-1247 | 0.00 | — | 0.04 | Feb 27, 2014 | Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file. | |||
| CVE-2014-1246 | 0.00 | — | 0.04 | Feb 27, 2014 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. | |||
| CVE-2014-1245 | 0.00 | — | 0.04 | Feb 27, 2014 | Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file. | |||
| CVE-2014-1244 | 0.00 | — | 0.04 | Feb 27, 2014 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | |||
| CVE-2014-1243 | 0.00 | — | 0.04 | Feb 27, 2014 | Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file. | |||
| CVE-2014-1253 | 0.00 | — | 0.00 | Feb 14, 2014 | AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. | |||
| CVE-2013-6891 | 0.00 | — | 0.00 | Jan 26, 2014 | lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | |||
| CVE-2014-1252 | 0.00 | — | 0.04 | Jan 24, 2014 | Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | |||
| CVE-2014-1242 | 0.00 | — | 0.01 | Jan 23, 2014 | Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||
| CVE-2013-5987 | 0.00 | — | 0.00 | Jan 21, 2014 | Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | |||
| CVE-2010-1819 | 0.00 | — | 0.05 | Dec 27, 2013 | Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3)… | |||
| CVE-2013-5228 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-5227 | 0.00 | — | 0.02 | Dec 18, 2013 | Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields. | |||
| CVE-2013-5225 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-5199 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-5198 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-5197 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-5196 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-5195 | 0.00 | — | 0.02 | Dec 18, 2013 | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2013-7127 | 0.00 | — | 0.00 | Dec 17, 2013 | Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. | |||
| CVE-2013-6712 | 0.00 | — | 0.05 | Nov 28, 2013 | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. | |||
| CVE-2013-5193 | 0.00 | — | 0.00 | Nov 18, 2013 | The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||
| CVE-2013-5148 | 0.00 | — | 0.00 | Oct 24, 2013 | Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a… | |||
| CVE-2013-5143 | 0.00 | — | 0.01 | Oct 24, 2013 | The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback… | |||
| CVE-2013-5130 | 0.00 | — | 0.01 | Oct 24, 2013 | WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | |||
| CVE-2013-5192 | 0.00 | — | 0.00 | Oct 24, 2013 | The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | |||
| CVE-2013-5191 | 0.00 | — | 0.00 | Oct 24, 2013 | The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | |||
| CVE-2013-5190 | 0.00 | — | 0.01 | Oct 24, 2013 | Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. | |||
| CVE-2013-5189 | 0.00 | — | 0.01 | Oct 24, 2013 | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security… | |||
| CVE-2013-5188 | 0.00 | — | 0.00 | Oct 24, 2013 | The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the… | |||
| CVE-2013-5187 | 0.00 | — | 0.00 | Oct 24, 2013 | The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading… | |||
| CVE-2013-5186 | 0.00 | — | 0.00 | Oct 24, 2013 | Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | |||
| CVE-2013-5185 | 0.00 | — | 0.01 | Oct 24, 2013 | The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. | |||
| CVE-2013-5184 | 0.00 | — | 0.01 | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. | |||
| CVE-2013-5183 | 0.00 | — | 0.01 | Oct 24, 2013 | Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2013-5182 | 0.00 | — | 0.01 | Oct 24, 2013 | Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. | |||
| CVE-2013-5181 | 0.00 | — | 0.02 | Oct 24, 2013 | The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2013-5180 | 0.00 | — | 0.01 | Oct 24, 2013 | The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection… | |||