CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5172
https://notcve.org/view.php?id=CVE-2013-5172
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. El kernel en Apple Mac OS X anterior a 10.9 no determina la longitud de salida para las llamadas a funciones SHA-2, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (panic) disparando una operación de re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5190
https://notcve.org/view.php?id=CVE-2013-5190
24 Oct 2013 — Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. Los servicios de tarjeta inteligente en Apple Mac OS X anterior a 10.9 no implemente verificación de revocación de certificado lo que permite a atacante s remotos causar denegación de servicio interfiriendo con el proceso de verificación de revocacvión • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5188
https://notcve.org/view.php?id=CVE-2013-5188
24 Oct 2013 — The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. La implementación de Screen Lock en Apple Mac OS X anteriores a 10.9, cuando la hibernación y autologin están activos, no requiere contraseña para salir de la hibernación, lo cual permite a atacantes físicamente cerc... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5177
https://notcve.org/view.php?id=CVE-2013-5177
24 Oct 2013 — The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. El kernel de Apple Mac OS X anterior a 10.9 permite a usuarios locales provocar una denegación de servicio (panic) a través de una estructura iovec no válida. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5191
https://notcve.org/view.php?id=CVE-2013-5191
24 Oct 2013 — The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. La implementación de syslog en Apple Mac OS X anteriores a 10.9 permite a usuarios locales obtener información sensible utilizando el acceso a la cuenta de invitados y leyendo los mensajes del log de la consola de sesiones de invitado anteriores. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5186
https://notcve.org/view.php?id=CVE-2013-5186
24 Oct 2013 — Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. Administrador de energía en Apple Mac OS X anterior a la versión 10.9 no controla correctamente la interacción entre el bloqueo y las afirmaciones de potencia, lo que permite a atacantes físicamente próximos a obtener información sensibl... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5189
https://notcve.org/view.php?id=CVE-2013-5189
24 Oct 2013 — Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. Apple Mac OS X anterior a 10.9 no preserva ciertos ajustes de sistema administrativos a traves de las actualizaciones de software, lo que permite a atacantes dependientes de contexto sortear re... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5170 – Apple Security Advisory 2014-04-22-1
https://notcve.org/view.php?id=CVE-2013-5170
24 Oct 2013 — Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Buffer underflow en CoreGraphics de Apple Mac OS X anterior a la versión 10.9 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (cuelgue de la aplicación) a través de un documento PDF diseñado. Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork ... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5178 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5178
24 Oct 2013 — LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. LaunchServices en Apple Mac OS X anteriores a 10.9 no restringe apropiadamente los caracteres Unicode en nombres de ficheros, lo cual permite a atacantes dependientes del contexto falsificar extensiones de fichero a través de secuencias de caracteres manipuladas. OS X Mavericks 10.9.2 and Security Update 2... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5179 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5179
24 Oct 2013 — App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. App Sandbox in Apple Mac OS X anterior a 10.9 permite a atacantes sortear restricciones de sandbox a traves de una aplicación manipulada que utiliza el interfaz LaunchServices para especificar argumentos de proceso. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues inc... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •