Max CVSS 9.3 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
29-11-2022 - 15:56 06-09-2011 - 19:55
CVE-2012-0876 4.3
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit
05-08-2022 - 14:52 03-07-2012 - 19:55
CVE-2011-4944 1.9
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
25-10-2019 - 11:53 27-08-2012 - 23:55
CVE-2012-1150 5.0
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU
25-10-2019 - 11:53 05-10-2012 - 21:55
CVE-2012-0845 5.0
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that
25-10-2019 - 11:53 05-10-2012 - 21:55
CVE-2013-5135 7.5
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
30-10-2018 - 16:26 24-10-2013 - 03:48
CVE-2013-4073 6.8
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name fie
13-08-2018 - 21:47 18-08-2013 - 02:52
CVE-2013-1667 7.5
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
19-09-2017 - 01:36 14-03-2013 - 03:13
CVE-2011-3427 2.6
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive i
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-2391 6.1
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
29-08-2017 - 01:29 19-09-2013 - 10:27
CVE-2013-0249 7.5
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash
08-12-2016 - 03:02 08-03-2013 - 22:55
CVE-2013-1944 5.0
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Per http://www.ubuntu.com/
09-09-2016 - 01:59 29-04-2013 - 22:55
CVE-2013-5170 6.8
Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
24-04-2014 - 04:58 24-10-2013 - 03:48
CVE-2013-5179 7.5
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
06-03-2014 - 04:48 24-10-2013 - 03:48
CVE-2013-5139 9.3
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. Per: http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.h
06-03-2014 - 04:48 19-09-2013 - 10:28
CVE-2013-5178 5.0
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.
06-03-2014 - 04:48 24-10-2013 - 03:48
CVE-2013-5142 4.9
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
31-10-2013 - 03:35 19-09-2013 - 10:28
CVE-2013-5141 7.1
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerabilit
31-10-2013 - 03:35 19-09-2013 - 10:28
CVE-2013-5145 6.3
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
31-10-2013 - 03:35 19-09-2013 - 10:28
CVE-2013-5138 4.7
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
31-10-2013 - 03:35 19-09-2013 - 10:28
CVE-2013-3954 6.9
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with
31-10-2013 - 03:34 05-06-2013 - 14:39
CVE-2013-3950 5.0
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment varia
31-10-2013 - 03:34 05-06-2013 - 14:39
CVE-2013-5165 6.4
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking
25-10-2013 - 00:10 24-10-2013 - 03:48
CVE-2013-5169 1.9
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
25-10-2013 - 00:09 24-10-2013 - 03:48
CVE-2013-5173 2.1
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that req
25-10-2013 - 00:04 24-10-2013 - 03:48
CVE-2013-5175 6.6
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
25-10-2013 - 00:02 24-10-2013 - 03:48
CVE-2013-5176 4.9
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.
24-10-2013 - 23:53 24-10-2013 - 03:48
CVE-2013-5177 4.9
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
24-10-2013 - 23:45 24-10-2013 - 03:48
CVE-2013-5168 6.8
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
24-10-2013 - 23:44 24-10-2013 - 03:48
CVE-2013-5180 4.3
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat
24-10-2013 - 23:41 24-10-2013 - 03:48
CVE-2013-5181 4.3
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
24-10-2013 - 23:40 24-10-2013 - 03:48
CVE-2013-5183 2.6
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
24-10-2013 - 23:38 24-10-2013 - 03:48
CVE-2013-5182 5.0
Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.
24-10-2013 - 23:38 24-10-2013 - 03:48
CVE-2013-5185 4.3
The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniff
24-10-2013 - 23:37 24-10-2013 - 03:48
CVE-2013-5186 2.1
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitione
24-10-2013 - 23:32 24-10-2013 - 03:48
CVE-2013-5189 5.8
Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an
24-10-2013 - 23:31 24-10-2013 - 03:48
CVE-2013-5184 5.7
The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's cove
24-10-2013 - 23:31 24-10-2013 - 03:48
CVE-2013-5190 4.3
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.
24-10-2013 - 16:19 24-10-2013 - 03:48
CVE-2013-5192 4.9
The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
24-10-2013 - 16:10 24-10-2013 - 03:48
CVE-2013-5191 2.1
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
24-10-2013 - 16:05 24-10-2013 - 03:48
CVE-2013-5188 4.0
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an una
24-10-2013 - 15:51 24-10-2013 - 03:48
CVE-2013-5187 1.9
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sen
24-10-2013 - 15:45 24-10-2013 - 03:48
CVE-2013-5174 4.9
Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.
24-10-2013 - 15:17 24-10-2013 - 03:48
CVE-2013-5172 7.1
The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by
24-10-2013 - 15:09 24-10-2013 - 03:48
CVE-2013-5171 3.3
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
24-10-2013 - 15:06 24-10-2013 - 03:48
CVE-2013-5167 5.0
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.
24-10-2013 - 14:54 24-10-2013 - 03:48
CVE-2013-5166 4.9
The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.
24-10-2013 - 14:43 24-10-2013 - 03:48
Back to Top Mark selected
Back to Top