Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-10-24 | CVE-2013-5180 | Cryptographic Issues vulnerability in Apple Mac OS X | The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. | 4.3 |
2013-10-24 | CVE-2013-5178 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X | LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. | 5.0 |
2013-10-24 | CVE-2013-5177 | Numeric Errors vulnerability in Apple Mac OS X | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | 4.9 |
2013-10-24 | CVE-2013-5176 | Numeric Errors vulnerability in Apple Mac OS X | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | 4.9 |
2013-10-24 | CVE-2013-5175 | Improper Input Validation vulnerability in Apple Mac OS X | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | 6.6 |
2013-10-24 | CVE-2013-5174 | Numeric Errors vulnerability in Apple Mac OS X | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. | 4.9 |
2013-10-24 | CVE-2013-5170 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X | Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2013-10-24 | CVE-2013-5168 | Improper Input Validation vulnerability in Apple Mac OS X | Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | 6.8 |
2013-10-24 | CVE-2013-5167 | Configuration vulnerability in Apple Mac OS X | CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | 5.0 |
2013-10-24 | CVE-2013-5166 | Unspecified vulnerability in Apple Mac OS X | The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | 4.9 |