Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-1266 1Apple 3Iphone Os Mac Os XTvos Apr 29, 2026 Feb 22, 2014 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before...Show more The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.Show less
CVE-2014-1252 1Apple 3Iphone Os Mac Os XPages Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
CVE-2013-5987 2Apple Nvidia 2Gpu Driver Mac Os X Apr 29, 2026 Jan 21, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.
CVE-2013-7127 1Apple 2Mac Os X Safari Apr 29, 2026 Dec 17, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
CVE-2013-6420 3Apple OpensusePhp 3Mac Os X OpensusePhp Apr 29, 2026 Dec 17, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which a...Show more The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.Show less
CVE-2012-6151 3Apple CanonicalNet Snmp 3Mac Os X Net SnmpUbuntu Linux Apr 29, 2026 Dec 13, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing...Show more Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.Show less
CVE-2013-6712 5Apple CanonicalDebian+2 more 5Debian Linux Mac Os XOpensuse+2 more Apr 29, 2026 Nov 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer...Show more The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.Show less
CVE-2013-6799 1Apple 1Mac Os X Apr 29, 2026 Nov 18, 2013 N/A· v4 N/A· v3 4.7 MEDIUM· v2 Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.
CVE-2013-5192 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
CVE-2013-5191 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
CVE-2013-5190 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the re...Show more Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.Show less
CVE-2013-5189 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic c...Show more Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update.Show less
CVE-2013-5188 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to ob...Show more The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.Show less
CVE-2013-5187 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 1.9 LOW· v2 The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically pro...Show more The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.Show less
CVE-2013-5186 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a scree...Show more Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.Show less
CVE-2013-5185 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging uninte...Show more The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.Show less
CVE-2013-5184 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 5.7 MEDIUM· v2 The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presen...Show more The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.Show less
CVE-2013-5183 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 2.6 LOW· v2 Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-5182 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.
CVE-2013-5181 1Apple 1Mac Os X Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive inform...Show more The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.Show less

Previous 1...114115116...161 Next