Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

11 matches found

CVE•added 2013/09/16 1:2 p.m.•129 views

CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xm...

4.3CVSS5.6AI score0.00862EPSS

CVE•added 2013/09/19 10:27 a.m.•84 views

CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

6.1CVSS4.1AI score0.01129EPSS

CVE•added 2013/09/16 1:2 p.m.•57 views

CVE-2013-1032

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

6.8CVSS7.7AI score0.0202EPSS

CVE•added 2013/09/16 1:2 p.m.•51 views

CVE-2013-1025

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

6.8CVSS7.8AI score0.01133EPSS

CVE•added 2013/09/16 1:2 p.m.•51 views

CVE-2013-1030

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

2.1CVSS5.4AI score0.00133EPSS

CVE•added 2013/09/16 1:2 p.m.•47 views

CVE-2013-1031

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of ...

3.3CVSS6AI score0.00042EPSS

CVE•added 2013/09/16 1:2 p.m.•45 views

CVE-2013-1028

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

5.8CVSS5.3AI score0.0038EPSS

CVE•added 2013/09/16 1:2 p.m.•45 views

CVE-2013-1029

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

4.9CVSS6.3AI score0.00495EPSS

CVE•added 2013/09/16 1:2 p.m.•43 views

CVE-2013-1027

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.

6.8CVSS7.4AI score0.03508EPSS

CVE•added 2013/09/16 1:2 p.m.•42 views

CVE-2013-1026

Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

6.8CVSS7.8AI score0.01006EPSS

CVE•added 2013/09/16 1:2 p.m.•42 views

CVE-2013-1033

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

5.5CVSS5.7AI score0.00084EPSS