Apple: >> Mac Os X >> 10.8.3 Security Vulnerabilities
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.
CVSS Score
4.9
EPSS Score
0.0
Published
2013-10-24
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
CVSS Score
4.9
EPSS Score
0.0
Published
2013-10-24
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
CVSS Score
7.5
EPSS Score
0.03
Published
2013-10-24
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-10-24
The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.
CVSS Score
4.9
EPSS Score
0.001
Published
2013-10-24
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
CVSS Score
6.6
EPSS Score
0.0
Published
2013-10-04
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
CVSS Score
6.8
EPSS Score
0.002
Published
2013-09-20
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
CVSS Score
6.1
EPSS Score
0.012
Published
2013-09-19
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.
CVSS Score
2.6
EPSS Score
0.004
Published
2013-09-18
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
CVSS Score
4.3
EPSS Score
0.021
Published
2013-09-16