Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected by multiple vulnerabilities in the following components: - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO -...
Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected by multiple vulnerabilities in the following components: - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation -...
Apple TV < 7.0.2 Multiple Vulnerabilities
MS KB3033929: Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
The remote host is missing Microsoft KB3033929, an update that improves cryptography and digital certificate handling in Windows 7 and Windows Server 2008 R2.
Apple iOS 8.x < 8.1.1 Multiple Vulnerabilities.
CVE-2014-4455
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file...
Code injection
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file...
CVE-2014-4455
CVE-2014-4455 concerns a Mach-O segment overlap handling bug in dyld (iOS before 8.1.1 and Apple TV before 7.0.2) that lets a local user bypass code-signing restrictions via a crafted file. The root cause is improper validation of overlapping Mach-O segments, enabling unsigned code execution. The...
Apple Offers Lukewarm Response to Masque Vulnerability
Apple said it is not aware of any customers affected by the Masque vulnerability disclosed earlier this week, and made no mention of a timeline when it might release an update patching the security hole. Masque is a vulnerability in iOS 7.1.1 and up that puts Apple mobile devices at risk to malwa...
Mac OS X < 10.10 Multiple Vulnerabilities (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10)
CVE-2014-4391
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource...
Design/Logic Flaw
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource...
CVE-2014-4391
Apple OS X before 10.10 is affected by CVE-2014-4391. The issue is in Code Signing where incomplete resource envelopes in signed bundles can bypass app-author restrictions by omitting an execution-related resource, enabling potential execution of tampered code. The vulnerability arises from how t...
Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
The remote host is running a version of Mac OS X that is prior to version 10.10. This update contains several security-related fixes for the following components: - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Doc...
Karsten Nohl BadUSB Patch Fall Short of a Fix
Two researchers who released code that can be used to exploit a critical weakness in most USB drives followed that up Sunday with their version of a patch for the problem. The attack code and subsequent patch are a response to the BadUSB research released during Black Hat this summer, yet, the fix...
Microsoft Windows Kernel Intel x64 SYSRET PoC
No description provided by source. Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM...
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
CVE-2014-1273
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...