Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1026 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-26 | 6.8 MEDIUM | N/A |
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||||
CVE-2013-1028 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-26 | 5.8 MEDIUM | N/A |
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||||
CVE-2013-1130 | 2 Apple, Cisco | 2 Mac Os X, Anyconnect Secure Mobility Client | 2013-09-23 | 6.8 MEDIUM | N/A |
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | |||||
CVE-2013-1031 | 1 Apple | 1 Mac Os X | 2013-09-19 | 3.3 LOW | N/A |
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. | |||||
CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2013-09-18 | 5.5 MEDIUM | N/A |
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||||
CVE-2013-1029 | 1 Apple | 1 Mac Os X | 2013-09-18 | 4.9 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. | |||||
CVE-2013-1030 | 1 Apple | 1 Mac Os X | 2013-09-18 | 2.1 LOW | N/A |
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2013-09-18 | 6.8 MEDIUM | N/A |
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | |||||
CVE-2010-0533 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-09-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. | |||||
CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-09-05 | 4.6 MEDIUM | N/A |
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | |||||
CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2013-08-26 | 2.1 LOW | N/A |
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
CVE-2013-3345 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-21 | 10.0 HIGH | N/A |
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2013-3347 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-21 | 10.0 HIGH | N/A |
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. | |||||
CVE-2012-5131 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-08-16 | 7.5 HIGH | N/A |
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2007-0588 | 1 Apple | 2 Mac Os X, Quicktime | 2013-08-14 | 7.1 HIGH | N/A |
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. | |||||
CVE-2013-2872 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-07-10 | 5.0 MEDIUM | N/A |
Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. | |||||
CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-07-03 | 7.2 HIGH | N/A |
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | |||||
CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 2.1 LOW | N/A |
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | |||||
CVE-2013-3952 | 1 Apple | 1 Mac Os X | 2013-06-05 | 2.1 LOW | N/A |
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | |||||
CVE-2013-0984 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 9.3 HIGH | N/A |
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. |