Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 113 of 157
CVE-2013-5174 | MEDIUM | CVSS 4.9 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-189] Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.
nvd
CVE-2013-5182 | MEDIUM | CVSS 5.0 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-310] Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.
nvd
CVE-2013-5176 | MEDIUM | CVSS 4.9 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-189] The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.
nvd
CVE-2013-5168 | MEDIUM | CVSS 6.8 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-20] Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
nvd
CVE-2013-5181 | MEDIUM | CVSS 4.3 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-310] The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
nvd
CVE-2013-5192 | MEDIUM | CVSS 4.9 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-20] The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
nvd
CVE-2013-5178 | MEDIUM | CVSS 5.0 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.
nvd
CVE-2013-5188 | MEDIUM | CVSS 4.0 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.
nvd
CVE-2013-5177 | MEDIUM | CVSS 4.9 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-189] The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
nvd
CVE-2013-5171 | LOW | CVSS 3.3 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
nvd
CVE-2013-5183 | LOW | CVSS 2.6 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-200] Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
nvd
CVE-2013-5169 | LOW | CVSS 1.9 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
nvd
CVE-2013-5173 | LOW | CVSS 2.1 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-310] The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.
nvd
CVE-2013-5187 | LOW | CVSS 1.9 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
nvd
CVE-2013-5191 | LOW | CVSS 2.1 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
nvd
CVE-2013-5186 | LOW | CVSS 2.1 | ≤ 10.8.5, v10.8.0, +5 more | 2013-10-24
[CWE-264] Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
nvd
CVE-2013-5163 | MEDIUM | CVSS 6.6 | ≤ 10.8.5, v10.8.0, +4 more | 2013-10-04
[CWE-287] Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
nvd
CVE-2011-2391 | MEDIUM | CVSS 6.1 | ≤ 10.9.5 | 2013-09-19
[CWE-20] The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
nvd
CVE-2013-1029 | MEDIUM | CVSS 4.9 | ≤ 10.8.4, v10.8.0, +3 more | 2013-09-16
[CWE-20] The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
nvd
CVE-2013-1033 | MEDIUM | CVSS 5.5 | ≤ 10.8.4, v10.8.0, +3 more | 2013-09-16
[CWE-264] Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.
nvd