CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5192
https://notcve.org/view.php?id=CVE-2013-5192
24 Oct 2013 — The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. El controlador hub USB en Apple Mac OS X anterior a la versión 10.9 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una solicitud manipulada con un (1) puerto o (2) el número de puerto. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5173
https://notcve.org/view.php?id=CVE-2013-5173
24 Oct 2013 — The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. El generador de números aleatorios en el kernel de Apple Mac OS X anteriores a 10.9 proporciona acceso exclusivo estenso para procesar peticiones grandes, lo cual permite a usuarios locales causar denegación de servicio (agotamiento te... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5178 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5178
24 Oct 2013 — LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. LaunchServices en Apple Mac OS X anteriores a 10.9 no restringe apropiadamente los caracteres Unicode en nombres de ficheros, lo cual permite a atacantes dependientes del contexto falsificar extensiones de fichero a través de secuencias de caracteres manipuladas. OS X Mavericks 10.9.2 and Security Update 2... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5189
https://notcve.org/view.php?id=CVE-2013-5189
24 Oct 2013 — Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. Apple Mac OS X anterior a 10.9 no preserva ciertos ajustes de sistema administrativos a traves de las actualizaciones de software, lo que permite a atacantes dependientes de contexto sortear re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5165
https://notcve.org/view.php?id=CVE-2013-5165
24 Oct 2013 — socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. socketfilterfw en Application Firewall en Apple Mac OS X anteriores a 10.9 no implementa correctamente la opción --blockApp, lo cual permite a atacantes remotos sortear restricciones de acceso intencionadas a través de una conexión de red a una ... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5168
https://notcve.org/view.php?id=CVE-2013-5168
24 Oct 2013 — Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. La consola de Apple Mac OS X anterior a la versión 10.9 permite a atacantes remotos asistidos por el usuario ejecutar aplicaciones arbitrarias mediante la activación de una entrada log con una URL adjunta diseñada. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5176
https://notcve.org/view.php?id=CVE-2013-5176
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. El kernel en Apple Mac OS X anterior a 10.9 no maneja apropiadamente los valores enteros durante operaciones de dispositivos tty no especificados, lo que permite a usuarios locales causar una denegación de servicio (cuelgue de sistema) disparando un error de truncado. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5187
https://notcve.org/view.php?id=CVE-2013-5187
24 Oct 2013 — The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. La implementación de Screen Lock en Apple Mac OS X anterior a la versión 10.9 no acepta inmediatamente el menú Keychain Status de comandos Lock Screen, y en su lugar conf... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5167
https://notcve.org/view.php?id=CVE-2013-5167
24 Oct 2013 — CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. CFNetwork en Apple Mac OS X anterior 10.9 no soporta apropiadamente el borrado de cookies cuando se realiza una operación de reset en Safari, lo que hace más fácil a los servidores web remotos rastrear usuarios a través de cabeceras Set-Cookie HTTP. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5172
https://notcve.org/view.php?id=CVE-2013-5172
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. El kernel en Apple Mac OS X anterior a 10.9 no determina la longitud de salida para las llamadas a funciones SHA-2, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (panic) disparando una operación de re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •