Vulnerabilities > Apple > MAC OS X > 10.7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-05 | CVE-2013-0990 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | 4.9 |
| 2013-06-05 | CVE-2013-0985 | Improper Authentication vulnerability in Apple mac OS X Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | 2.1 |
| 2013-06-05 | CVE-2013-0983 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | 6.8 |
| 2013-06-05 | CVE-2013-0982 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | 1.7 |
| 2013-06-05 | CVE-2013-0975 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 6.8 |
| 2013-05-24 | CVE-2013-0986 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and Quicktime Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. | 9.3 |
| 2013-05-20 | CVE-2013-1014 | Improper Input Validation vulnerability in Apple Itunes Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | 4.3 |
| 2013-04-08 | CVE-2013-2777 | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. | 4.4 |
| 2013-04-08 | CVE-2013-2776 | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. | 4.4 |
| 2013-04-08 | CVE-2013-1776 | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. | 4.4 |