Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2013-10-24 CVE-2013-5183 Information Exposure vulnerability in Apple Mac OS X
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
Access: network, high complexity | Vendor: apple | CWE-200 | Risk: 2.6
2013-10-24 CVE-2013-5182 Cryptographic Issues vulnerability in Apple Mac OS X
Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.
Access: network, low complexity | Vendor: apple | CWE-310 | Risk: 5.0
2013-10-24 CVE-2013-5181 Cryptographic Issues vulnerability in Apple Mac OS X
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
Access: network | Vendor: apple | CWE-310 | Risk: 4.3
2013-10-24 CVE-2013-5180 Cryptographic Issues vulnerability in Apple Mac OS X
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.
Access: network | Vendor: apple | CWE-310 | Risk: 4.3
2013-10-24 CVE-2013-5179 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
Access: network, low complexity | Vendor: apple | CWE-264 | Risk: 7.5
2013-10-24 CVE-2013-5178 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.
Access: network, low complexity | Vendor: apple | CWE-264 | Risk: 5.0
2013-10-24 CVE-2013-5177 Numeric Errors vulnerability in Apple Mac OS X
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
Access: local, low complexity | Vendor: apple | CWE-189 | Risk: 4.9
2013-10-24 CVE-2013-5176 Numeric Errors vulnerability in Apple Mac OS X
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.
Access: local, low complexity | Vendor: apple | CWE-189 | Risk: 4.9
2013-10-24 CVE-2013-5175 Improper Input Validation vulnerability in Apple Mac OS X
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
Access: local, low complexity | Vendor: apple | CWE-20 | Risk: 6.6
2013-10-24 CVE-2013-5174 Numeric Errors vulnerability in Apple Mac OS X
Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.
Access: local, low complexity | Vendor: apple | CWE-189 | Risk: 4.9