Vulnerabilities > Apple > MAC OS X > Low

DATE CVE VULNERABILITY TITLE RISK
2013-09-16 CVE-2013-1030 Information Exposure vulnerability in Apple mac OS X
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
apple CWE-200
2.1
2013-09-16 CVE-2013-1031 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
local
apple CWE-264
3.3
2013-06-05 CVE-2013-0982 Information Exposure vulnerability in Apple mac OS X and mac OS X Server
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
local
low complexity
apple CWE-200
1.7
2013-06-05 CVE-2013-0985 Improper Authentication vulnerability in Apple mac OS X
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.
local
low complexity
apple CWE-287
2.1
2013-06-05 CVE-2013-3949 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.
local
low complexity
apple CWE-264
2.1
2013-06-05 CVE-2013-3952 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.
local
low complexity
apple CWE-264
2.1
2012-09-20 CVE-2012-3718 Information Exposure vulnerability in Apple mac OS X and mac OS X Server
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
local
low complexity
apple CWE-200
2.1
2012-05-11 CVE-2012-0657 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
local
low complexity
apple CWE-264
2.1
2012-02-01 CVE-2012-0450 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.
local
low complexity
mozilla apple linux CWE-264
2.1
2011-10-14 CVE-2011-3212 Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.
local
low complexity
apple CWE-310
2.1