Vulnerabilities > Apple > MAC OS X
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-05 | CVE-2013-3953 | Information Exposure vulnerability in Apple Iphone OS and mac OS X The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | 4.9 |
| 2013-06-05 | CVE-2013-3952 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | 2.1 |
| 2013-06-05 | CVE-2013-3951 | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | 4.6 |
| 2013-06-05 | CVE-2013-3949 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. | 2.1 |
| 2013-06-05 | CVE-2013-1024 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 6.8 |
| 2013-06-05 | CVE-2013-0990 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | 4.9 |
| 2013-06-05 | CVE-2013-0985 | Improper Authentication vulnerability in Apple mac OS X Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | 2.1 |
| 2013-06-05 | CVE-2013-0984 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | 9.3 |
| 2013-06-05 | CVE-2013-0983 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | 6.8 |
| 2013-06-05 | CVE-2013-0982 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | 1.7 |