Vulnerabilities > Apple > MAC OS X > Low

DATE CVE VULNERABILITY TITLE RISK
2014-02-27 CVE-2014-1257 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
local
low complexity
apple CWE-264
3.6
2014-02-27 CVE-2014-1264 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
local
apple CWE-264
3.3
2013-12-17 CVE-2013-7127 Cryptographic Issues vulnerability in Apple Mac OS X and Safari
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
local
low complexity
apple CWE-310
2.1
2013-10-24 CVE-2013-5169 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
local
apple CWE-264
1.9
2013-10-24 CVE-2013-5171 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
local
apple CWE-264
3.3
2013-10-24 CVE-2013-5173 Cryptographic Issues vulnerability in Apple Mac OS X
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.
local
low complexity
apple CWE-310
2.1
2013-10-24 CVE-2013-5183 Information Exposure vulnerability in Apple Mac OS X
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
network
high complexity
apple CWE-200
2.6
2013-10-24 CVE-2013-5186 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
local
low complexity
apple CWE-264
2.1
2013-10-24 CVE-2013-5187 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
local
apple CWE-264
1.9
2013-10-24 CVE-2013-5191 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
local
low complexity
apple CWE-264
2.1