Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

12 matches found

CVE•added 2013/06/05 2:39 p.m.•65 views

CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

1.7CVSS6.3AI score0.00047EPSS

CVE•added 2013/06/05 2:39 p.m.•62 views

CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-gua...

4.6CVSS5.7AI score0.00061EPSS

CVE•added 2013/06/05 2:39 p.m.•52 views

CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

9.3CVSS7.5AI score0.09856EPSS

CVE•added 2013/06/05 2:39 p.m.•51 views

CVE-2013-0975

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

6.8CVSS7.8AI score0.00892EPSS

CVE•added 2013/06/05 2:39 p.m.•49 views

CVE-2013-0990

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

4.9CVSS5.8AI score0.00432EPSS

CVE•added 2013/06/05 2:39 p.m.•48 views

CVE-2013-3953

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

4.9CVSS4.9AI score0.00146EPSS

CVE•added 2013/06/05 2:39 p.m.•45 views

CVE-2013-0983

Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.

6.8CVSS7.7AI score0.00751EPSS

CVE•added 2013/06/05 2:39 p.m.•45 views

CVE-2013-3949

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the po...

2.1CVSS5.9AI score0.00048EPSS

CVE•added 2013/06/05 2:39 p.m.•42 views

CVE-2013-1024

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

6.8CVSS7.4AI score0.00901EPSS

CVE•added 2013/06/05 2:39 p.m.•41 views

CVE-2013-0985

Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.

2.1CVSS6AI score0.00054EPSS

CVE•added 2013/06/05 2:39 p.m.•39 views

CVE-2013-3954

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive in...

6.9CVSS5.8AI score0.00116EPSS

CVE•added 2013/06/05 2:39 p.m.•35 views

CVE-2013-3952

The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.

2.1CVSS5.8AI score0.00133EPSS