CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5180
https://notcve.org/view.php?id=CVE-2013-5180
24 Oct 2013 — The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. La función srandomdev en Libc en Apple Mac OS X anteriores a 10.9, cuando el generador de números aleatorios del kernel no está disponible, pro... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5174
https://notcve.org/view.php?id=CVE-2013-5174
24 Oct 2013 — Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Error de signo en enteros en el kernel de Apple Mac OS X anteriores a 10.9 permite a usuarios locales causar denegación de servicio (caída del sistema) a través de una operación de lectura tty manipulada. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5183
https://notcve.org/view.php?id=CVE-2013-5183
24 Oct 2013 — Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. Mail en Apple Mac OS X anterior a 10.9, cuando la autenticación Kerberos esta activada y TLS esta deshabilitado, envía datos inválidos en texto plano, lo que permite a atacantes remotos obtener información sensible capturando el tráfico de red. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5175
https://notcve.org/view.php?id=CVE-2013-5175
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. El kernel en Apple Mac OS X anterior a 10.9 permite a usuarios locales obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída del sistema) a través de un archivo Mach-O manipulado. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5187
https://notcve.org/view.php?id=CVE-2013-5187
24 Oct 2013 — The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. La implementación de Screen Lock en Apple Mac OS X anterior a la versión 10.9 no acepta inmediatamente el menú Keychain Status de comandos Lock Screen, y en su lugar conf... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5176
https://notcve.org/view.php?id=CVE-2013-5176
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. El kernel en Apple Mac OS X anterior a 10.9 no maneja apropiadamente los valores enteros durante operaciones de dispositivos tty no especificados, lo que permite a usuarios locales causar una denegación de servicio (cuelgue de sistema) disparando un error de truncado. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5181
https://notcve.org/view.php?id=CVE-2013-5181
24 Oct 2013 — The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. La funcionalidad de auto-configuración en Mail en Apple Mac OS X anteriores a 10.9 selecciona autenticación sin cifrar para servidores no especificados que soportan autenticación CRAM-MD5, lo cual permite a atacantes remotos obtener información sensible mediant... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5172
https://notcve.org/view.php?id=CVE-2013-5172
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. El kernel en Apple Mac OS X anterior a 10.9 no determina la longitud de salida para las llamadas a funciones SHA-2, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (panic) disparando una operación de re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5190
https://notcve.org/view.php?id=CVE-2013-5190
24 Oct 2013 — Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. Los servicios de tarjeta inteligente en Apple Mac OS X anterior a 10.9 no implemente verificación de revocación de certificado lo que permite a atacante s remotos causar denegación de servicio interfiriendo con el proceso de verificación de revocacvión • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5188
https://notcve.org/view.php?id=CVE-2013-5188
24 Oct 2013 — The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. La implementación de Screen Lock en Apple Mac OS X anteriores a 10.9, cuando la hibernación y autologin están activos, no requiere contraseña para salir de la hibernación, lo cual permite a atacantes físicamente cerc... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •