Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-24 | CVE-2013-5173 | Cryptographic Issues vulnerability in Apple mac OS X The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | 2.1 |
2013-10-24 | CVE-2013-5172 | Numeric Errors vulnerability in Apple mac OS X The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. | 7.1 |
2013-10-24 | CVE-2013-5171 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | 3.3 |
2013-10-24 | CVE-2013-5170 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2013-10-24 | CVE-2013-5169 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | 1.9 |
2013-10-24 | CVE-2013-5168 | Improper Input Validation vulnerability in Apple mac OS X Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | 6.8 |
2013-10-24 | CVE-2013-5167 | Configuration vulnerability in Apple mac OS X CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | 5.0 |
2013-10-24 | CVE-2013-5166 | Unspecified vulnerability in Apple mac OS X The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | 4.9 |
2013-10-24 | CVE-2013-5165 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | 6.4 |
2013-10-24 | CVE-2013-5164 | Race Condition vulnerability in Apple Iphone OS Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | 3.3 |