CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5172
https://notcve.org/view.php?id=CVE-2013-5172
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. El kernel en Apple Mac OS X anterior a 10.9 no determina la longitud de salida para las llamadas a funciones SHA-2, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (panic) disparando una operación de re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5181
https://notcve.org/view.php?id=CVE-2013-5181
24 Oct 2013 — The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. La funcionalidad de auto-configuración en Mail en Apple Mac OS X anteriores a 10.9 selecciona autenticación sin cifrar para servidores no especificados que soportan autenticación CRAM-MD5, lo cual permite a atacantes remotos obtener información sensible mediant... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5185
https://notcve.org/view.php?id=CVE-2013-5185
24 Oct 2013 — The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. El programa de línea de comandos ldapsearch en OpenLDAP en Apple Mac OS X anteriores a 10.9 no procesa correctamente la configuración de minssf, lo cual permite a atacantes remotos obtener información sensible aprovechándose de cifrados débiles ... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5183
https://notcve.org/view.php?id=CVE-2013-5183
24 Oct 2013 — Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. Mail en Apple Mac OS X anterior a 10.9, cuando la autenticación Kerberos esta activada y TLS esta deshabilitado, envía datos inválidos en texto plano, lo que permite a atacantes remotos obtener información sensible capturando el tráfico de red. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5173
https://notcve.org/view.php?id=CVE-2013-5173
24 Oct 2013 — The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. El generador de números aleatorios en el kernel de Apple Mac OS X anteriores a 10.9 proporciona acceso exclusivo estenso para procesar peticiones grandes, lo cual permite a usuarios locales causar denegación de servicio (agotamiento te... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5178 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5178
24 Oct 2013 — LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. LaunchServices en Apple Mac OS X anteriores a 10.9 no restringe apropiadamente los caracteres Unicode en nombres de ficheros, lo cual permite a atacantes dependientes del contexto falsificar extensiones de fichero a través de secuencias de caracteres manipuladas. OS X Mavericks 10.9.2 and Security Update 2... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5189
https://notcve.org/view.php?id=CVE-2013-5189
24 Oct 2013 — Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. Apple Mac OS X anterior a 10.9 no preserva ciertos ajustes de sistema administrativos a traves de las actualizaciones de software, lo que permite a atacantes dependientes de contexto sortear re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5165
https://notcve.org/view.php?id=CVE-2013-5165
24 Oct 2013 — socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. socketfilterfw en Application Firewall en Apple Mac OS X anteriores a 10.9 no implementa correctamente la opción --blockApp, lo cual permite a atacantes remotos sortear restricciones de acceso intencionadas a través de una conexión de red a una ... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5168
https://notcve.org/view.php?id=CVE-2013-5168
24 Oct 2013 — Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. La consola de Apple Mac OS X anterior a la versión 10.9 permite a atacantes remotos asistidos por el usuario ejecutar aplicaciones arbitrarias mediante la activación de una entrada log con una URL adjunta diseñada. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5176
https://notcve.org/view.php?id=CVE-2013-5176
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. El kernel en Apple Mac OS X anterior a 10.9 no maneja apropiadamente los valores enteros durante operaciones de dispositivos tty no especificados, lo que permite a usuarios locales causar una denegación de servicio (cuelgue de sistema) disparando un error de truncado. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •