Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-1033 1Apple 1Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.5 MEDIUM· v2 Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.
CVE-2013-1032 1Apple 2Mac Os X Quicktime Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.
CVE-2013-1031 1Apple 1Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 3.3 LOW· v2 Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an...Show more Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.Show less
CVE-2013-1030 1Apple 1Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2013-1029 1Apple 1Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
CVE-2013-1028 1Apple 2Iphone Os Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtai...Show more The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.Show less
CVE-2013-1027 1Apple 1Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a...Show more Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.Show less
CVE-2013-1026 1Apple 2Iphone Os Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
CVE-2013-1025 1Apple 2Iphone Os Mac Os X Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
CVE-2013-3954 1Apple 2Iphone Os Mac Os X Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size v...Show more The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.Show less
CVE-2013-3953 1Apple 2Iphone Os Mac Os X Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel...Show more The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.Show less
CVE-2013-3952 1Apple 1Mac Os X Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for...Show more The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.Show less
CVE-2013-3951 1Apple 3Iphone Os Mac Os XWatchos Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 4.6 MEDIUM· v2 sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie ran...Show more sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.Show less
CVE-2013-3949 1Apple 1Mac Os X Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users...Show more The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.Show less
CVE-2013-1024 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (applicati...Show more CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.Show less
CVE-2013-0990 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 4.9 MEDIUM· v2 SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
CVE-2013-0985 1Apple 1Mac Os X Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified co...Show more Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.Show less
CVE-2013-0984 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
CVE-2013-0983 1Apple 1Mac Os X Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encoun...Show more Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.Show less
CVE-2013-0982 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 1.7 LOW· v2 The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authe...Show more The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.Show less

Previous 1...116117118...161 Next