CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5180
https://notcve.org/view.php?id=CVE-2013-5180
24 Oct 2013 — The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. La función srandomdev en Libc en Apple Mac OS X anteriores a 10.9, cuando el generador de números aleatorios del kernel no está disponible, pro... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5174
https://notcve.org/view.php?id=CVE-2013-5174
24 Oct 2013 — Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Error de signo en enteros en el kernel de Apple Mac OS X anteriores a 10.9 permite a usuarios locales causar denegación de servicio (caída del sistema) a través de una operación de lectura tty manipulada. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5183
https://notcve.org/view.php?id=CVE-2013-5183
24 Oct 2013 — Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. Mail en Apple Mac OS X anterior a 10.9, cuando la autenticación Kerberos esta activada y TLS esta deshabilitado, envía datos inválidos en texto plano, lo que permite a atacantes remotos obtener información sensible capturando el tráfico de red. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5170 – Apple Security Advisory 2014-04-22-1
https://notcve.org/view.php?id=CVE-2013-5170
24 Oct 2013 — Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Buffer underflow en CoreGraphics de Apple Mac OS X anterior a la versión 10.9 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (cuelgue de la aplicación) a través de un documento PDF diseñado. Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork ... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5178 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5178
24 Oct 2013 — LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. LaunchServices en Apple Mac OS X anteriores a 10.9 no restringe apropiadamente los caracteres Unicode en nombres de ficheros, lo cual permite a atacantes dependientes del contexto falsificar extensiones de fichero a través de secuencias de caracteres manipuladas. OS X Mavericks 10.9.2 and Security Update 2... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5179 – Apple Security Advisory 2014-02-25-1
https://notcve.org/view.php?id=CVE-2013-5179
24 Oct 2013 — App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. App Sandbox in Apple Mac OS X anterior a 10.9 permite a atacantes sortear restricciones de sandbox a traves de una aplicación manipulada que utiliza el interfaz LaunchServices para especificar argumentos de proceso. OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues inc... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5163 – Apple Security Advisory 2013-10-03-1
https://notcve.org/view.php?id=CVE-2013-5163
03 Oct 2013 — Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. Directory Services en Apple Mac OS X anterior a 10.8.5 Supplemental Update permite a usuarios locales evadir autenticación basada en contraseña y modificar registros de Directory Services arbitrarios a través de vectores sin especificar. OS X version 10.8.5 Supplemental Update is now available and addresses ... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00000.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 3%CPEs: 50EXPL: 0CVE-2011-2391 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2011-2391
19 Sep 2013 — The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. La implementación de IPv6 en el núcleo de Apple iOS anterior a 7 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de paquetes ICMPv6 manipulados. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and variou... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 53EXPL: 0CVE-2013-1026 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1026
13 Sep 2013 — Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. Vulnerabildad de desbordamiento de búfer en ImageIO de Apple Mac OS X permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (caida de aplicación) a través de datos JPEG2000 en un documento PDF iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1030 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1030
13 Sep 2013 — mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. El cliente mdmclient en control de dispositivos móviles en Apple Mac OS X anterior a 10.8.5 pone la contraseña en línea de comandos lo que permite a usuarios locales obtener información sensible inspeccionando el proceso OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues,... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •