Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2013-09-16 CVE-2013-1028 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.
network
apple CWE-20
5.8
2013-09-16 CVE-2013-1027 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.
network
apple CWE-264
6.8
2013-09-16 CVE-2013-1026 Buffer Errors vulnerability in Apple Iphone OS and mac OS X
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
network
apple CWE-119
6.8
2013-09-16 CVE-2013-1025 Buffer Errors vulnerability in Apple Iphone OS and mac OS X
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
network
apple CWE-119
6.8
2013-06-05 CVE-2013-3951 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
local
low complexity
apple CWE-20
4.6
2013-06-05 CVE-2013-1024 Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
network
apple CWE-20
6.8
2013-06-05 CVE-2013-0990 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
network
apple CWE-264
4.9
2013-06-05 CVE-2013-0985 Improper Authentication vulnerability in Apple mac OS X
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.
local
low complexity
apple CWE-287
2.1
2013-06-05 CVE-2013-0984 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
network
apple CWE-119
critical
9.3
2013-06-05 CVE-2013-0983 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.
network
apple CWE-119
6.8