Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-24 | CVE-2013-5143 | Certificate Validation Security Bypass vulnerability in Apple Mac OS X Server. The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. | 6.8 |
2013-10-24 | CVE-2013-5130 | Information Exposure vulnerability in Apple Safari. WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | 5.0 |
2013-10-24 | CVE-2013-5192 | Improper Input Validation vulnerability in Apple Mac OS X. The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | 4.9 |
2013-10-24 | CVE-2013-5190 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X. Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. | 4.3 |
2013-10-24 | CVE-2013-5189 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X. Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. | 5.8 |
2013-10-24 | CVE-2013-5188 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X. The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | 4.0 |
2013-10-24 | CVE-2013-5185 | Cryptographic Issues vulnerability in Apple Mac OS X. The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. | 4.3 |
2013-10-24 | CVE-2013-5184 | Resource Management Errors vulnerability in Apple Mac OS X. The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. | 5.7 |
2013-10-24 | CVE-2013-5182 | Cryptographic Issues vulnerability in Apple Mac OS X. Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. | 5.0 |
2013-10-24 | CVE-2013-5181 | Cryptographic Issues vulnerability in Apple Mac OS X. The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 |