Vulnerabilities > Apple > MAC OS X > 10.8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-24 | CVE-2013-5173 | Cryptographic Issues vulnerability in Apple Mac OS X: The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | 2.1 |
2013-10-24 | CVE-2013-5172 | Numeric Errors vulnerability in Apple Mac OS X: The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. | 7.1 |
2013-10-24 | CVE-2013-5171 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | 3.3 |
2013-10-24 | CVE-2013-5170 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X: Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2013-10-24 | CVE-2013-5169 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | 1.9 |
2013-10-24 | CVE-2013-5168 | Improper Input Validation vulnerability in Apple Mac OS X: Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | 6.8 |
2013-10-24 | CVE-2013-5167 | Configuration vulnerability in Apple Mac OS X: CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | 5.0 |
2013-10-24 | CVE-2013-5166 | Unspecified vulnerability in Apple Mac OS X: The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | 4.9 |
2013-10-24 | CVE-2013-5165 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | 6.4 |
2013-10-24 | CVE-2013-5135 | Use of Externally-Controlled Format String vulnerability in Apple Remote Desktop and Mac OS X: Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. | 7.5 |