Total
5565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5192 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
| The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | |||||
| CVE-2013-5191 | 1 Apple | 1 Mac Os X | 2013-10-24 | 2.1 LOW | N/A |
| The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | |||||
| CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.0 MEDIUM | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | |||||
| CVE-2013-5187 | 1 Apple | 1 Mac Os X | 2013-10-24 | 1.9 LOW | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | |||||
| CVE-2013-5174 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
| Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. | |||||
| CVE-2013-5172 | 1 Apple | 1 Mac Os X | 2013-10-24 | 7.1 HIGH | N/A |
| The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. | |||||
| CVE-2013-5171 | 1 Apple | 1 Mac Os X | 2013-10-24 | 3.3 LOW | N/A |
| CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | |||||
| CVE-2013-5167 | 1 Apple | 1 Mac Os X | 2013-10-24 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | |||||
| CVE-2013-5166 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
| The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2013-3953 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-11 | 4.9 MEDIUM | N/A |
| The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | |||||
| CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2013-10-07 | 6.6 MEDIUM | N/A |
| Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | |||||
| CVE-2013-1729 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2013-10-03 | 2.6 LOW | N/A |
| The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. | |||||
| CVE-2013-1028 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-27 | 5.8 MEDIUM | N/A |
| The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-1026 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-27 | 6.8 MEDIUM | N/A |
| Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||||
| CVE-2013-1025 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-27 | 6.8 MEDIUM | N/A |
| Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. | |||||
| CVE-2013-1130 | 2 Apple, Cisco | 2 Mac Os X, Anyconnect Secure Mobility Client | 2013-09-23 | 6.8 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | |||||
| CVE-2013-1031 | 1 Apple | 1 Mac Os X | 2013-09-19 | 3.3 LOW | N/A |
| Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. | |||||
| CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2013-09-18 | 5.5 MEDIUM | N/A |
| Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||||
| CVE-2013-1029 | 1 Apple | 1 Mac Os X | 2013-09-18 | 4.9 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. | |||||
| CVE-2013-1030 | 1 Apple | 1 Mac Os X | 2013-09-18 | 2.1 LOW | N/A |
| mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||||