Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310810210HistoryNov 22, 2016 - 12:00 a.m.
Apple Mac OS X Code Execution And Denial of Service Vulnerabilities
2016-11-2200:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
17
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.06 Low
EPSS
Percentile
93.4%
Apple Mac OS X is prone to code execution and denial of service vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.810210");
script_version("2023-07-21T05:05:22+0000");
script_cve_id("CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2013-7456",
"CVE-2016-4637", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-1836",
"CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4483", "CVE-2016-4614",
"CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4449",
"CVE-2016-1684", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609",
"CVE-2016-4610", "CVE-2016-4612", "CVE-2016-1798", "CVE-2015-8126");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-09-01 01:29:00 +0000 (Fri, 01 Sep 2017)");
script_tag(name:"creation_date", value:"2016-11-22 11:05:47 +0530 (Tue, 22 Nov 2016)");
script_name("Apple Mac OS X Code Execution And Denial of Service Vulnerabilities");
script_tag(name:"summary", value:"Apple Mac OS X is prone to code execution and denial of service vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- a null pointer dereference error
- an improper processing of .png file by libpng
- multiple memory corruption errors
- an access issue in the parsing of maliciously crafted XML files
- multiple errors in PHP");
script_tag(name:"impact", value:"Successful exploitation will allow attacker
to execute arbitrary code or cause a denial of service and to obtain sensitive
information.");
script_tag(name:"affected", value:"Apple Mac OS X versions 10.10.x through
10.10.5 prior to build 14F1808");
script_tag(name:"solution", value:"Apply the appropriate patch.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_xref(name:"URL", value:"https://support.apple.com/en-us/HT206567");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/90696");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/77568");
script_xref(name:"URL", value:"https://support.apple.com/en-us/HT206903");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Mac OS X Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.10");
exit(0);
}
include("version_func.inc");
osName = get_kb_item("ssh/login/osx_name");
if(!osName)
exit(0);
osVer = get_kb_item("ssh/login/osx_version");
if(!osVer)
exit(0);
if("Mac OS X" >< osName && osVer =~ "^10\.10")
{
buildVer = get_kb_item("ssh/login/osx_build");
if(!buildVer){
exit(0);
}
if(osVer == "10.10.5" && version_is_less(version:buildVer, test_version:"14F1808"))
{
fix = "Apply patch from vendor";
osVer = osVer + " Build " + buildVer;
}
else if(version_in_range(version:osVer, test_version:"10.10", test_version2:"10.10.4")){
fix = "10.10.5 build 14F1808";
}
}
if(fix)
{
report = report_fixed_ver(installed_version:osVer, fixed_version:fix);
security_message(data:report);
exit(0);
}
exit(99);
Related
nessus
nessus
Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)
2016-07-19 00:00:00
Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)
2016-07-19 00:00:00
apple
apple
About the security content of iCloud for Windows 5.2.1 - Apple Support
2017-06-10 11:43:45
About the security content of iTunes 12.4.2 for Windows
2016-07-18 00:00:00
About the security content of iTunes 12.4.2 for Windows - Apple Support
2017-06-10 11:47:52
prion
prion
Memory corruption
2016-07-22 02:59:00
Memory corruption
2016-07-22 02:59:00
Memory corruption
2016-07-22 02:59:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
redhatcve
redhatcve
openvas
openvas
Slackware: Security Advisory (SSA:2016-148-03)
2022-04-21 00:00:00
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2627)
2020-01-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-706)
2016-10-26 00:00:00
slackware
slackware
[slackware-security] php
2016-05-27 23:33:54
[slackware-security] libxml2
2016-05-27 23:33:14
amazon
amazon
Medium: php56
2016-06-02 17:44:00
Medium: php55
2016-06-02 17:47:00
freebsd
freebsd
php -- multiple vulnerabilities
2016-05-26 00:00:00
ibm
ibm
mageia
mageia
Updated php packages fix security vulnerabilities
2016-06-03 00:40:03
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
Updated libpng/libpng12 packages fix security vulnerability
2015-11-20 01:08:19
rosalinux
rosalinux
Advisory ROSA-SA-2021-1906
2021-07-02 17:26:03
fedora
fedora
[SECURITY] Fedora 30 Update: mingw-libxslt-1.1.33-1.fc30
2019-06-18 18:15:35
[SECURITY] Fedora 22 Update: php-5.6.22-1.fc22
2016-06-03 15:23:06
[SECURITY] Fedora 23 Update: php-5.6.22-1.fc23
2016-05-29 22:23:00
debian
debian
[SECURITY] [DLA 533-1] php5 security update
2016-06-29 18:09:25
[SECURITY] [DLA 1860-1] libxslt security update
2019-07-22 16:16:47
[SECURITY] [DSA 3602-1] php5 security update
2016-06-14 15:43:55
cloudfoundry
cloudfoundry
CVE-2013-7456 and CVE-2016-5093 PHP vulnerabilities | Cloud Foundry
2016-06-08 00:00:00
f5
f5
K24322529 : libxml2 vulnerabilities CVE-2016-4447 and CVE-2016-4449
2016-12-07 00:00:00
osv
osv
php5 - security update
2016-06-29 00:00:00
libxslt - security update
2019-07-22 00:00:00
seebug
seebug
talos
talos
Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability
2016-07-18 00:00:00
Apple Image I/O EXR Compression Remote Code Execution Vulnerability
2016-07-18 00:00:00
Apple Image I/O EXR Color Component Remote Code Execution Vulnerability
2016-07-18 00:00:00
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
suse
suse
Security update for php5 (important)
2016-06-11 14:14:42
Security update for libpng16 (important)
2015-11-25 21:14:06
veracode
veracode
Buffer Overflow
2017-02-08 02:19:46
Information Disclosure
2019-05-02 05:34:53
Denial Of Service
2019-01-15 09:14:46
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.06 Low
EPSS
Percentile
93.4%
Related for OPENVAS:1361412562310810210