The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network....
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent...
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. Date published : 2013-10-23 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html...
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. Date published : 2013-10-23 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html...
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. Date published : 2013-10-23 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering...
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. Date published...
Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Date published : 2013-10-23...
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator...
The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering...
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application’s keystrokes via a hotkey event registration. Date published : 2013-10-23 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Date published :...
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information...
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. Date published : 2013-10-23 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html