Test ID: 1.3.6.1.4.1.25623.1.0.810929
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities-01 (Apr 2017)
Summary: Apple Mac OS X is prone to multiple vulnerabilities.
Description:

Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- The Wiki Server does not specify an explicit character set when serving
HTML documents in response to user requests.

- Multiple errors in SquirrelMail.

- A configuration issue exists in Apple's distribution of Samba, the server
used for SMB file sharing.

- An input validation error in the Ruby WEBrick HTTP server's handling of
error pages.

- A buffer overflow exists in libcurl's handling of gzip-compressed web
content.

- An integer overflow exists in AES and RC4 decryption operations of the
crypto library in the KDC server.

- Multiple integer overflows in the handling of TIFF files.

- A directory traversal issue exists in iChat's handling of inline
image transfers.

- A symlink following issue exists in Folder Manager.

- Multiple errors in Adobe Flash Player plug-in.

- An uninitialized memory read issue exists in the CUPS web interface's
handling of form variables.

- A use-after-free error exists in cupsd.

- A cross-site request forgery issue exists in the CUPS web interface.

Vulnerability Impact:
Successful exploitation will allow an attacker
to conduct cross-site scripting attacks, access sensitive information, cause
an unexpected application termination or arbitrary code execution, upload
files to arbitrary locations on a user's filesystem, and cause privilege
escalation.

Affected Software/OS:
Apple Mac OS X and Mac OS X Server
versions 10.5.8 and 10.6 through 10.6.3

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-0540
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
Debian Security Information: DSA-2176
http://www.debian.org/security/2011/dsa-2176
http://security.gentoo.org/glsa/glsa-201207-10.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382
http://www.securitytracker.com/id?1024122
http://secunia.com/advisories/40220
http://secunia.com/advisories/43521
http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2011/0535
Common Vulnerability Exposure (CVE) ID: CVE-2010-0302
1024124
http://www.securitytracker.com/id?1024124
38510
http://www.securityfocus.com/bid/38510
38785
http://secunia.com/advisories/38785
38927
http://secunia.com/advisories/38927
38979
http://secunia.com/advisories/38979
40220
ADV-2010-1481
APPLE-SA-2010-06-15-1
FEDORA-2010-2743
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html
GLSA-201207-10
MDVSA-2010:073
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
RHSA-2010:0129
https://rhn.redhat.com/errata/RHSA-2010-0129.html
USN-906-1
http://www.ubuntu.com/usn/USN-906-1
http://cups.org/articles.php?L596
http://cups.org/str.php?L3490
http://support.apple.com/kb/HT4188
https://bugzilla.redhat.com/show_bug.cgi?id=557775
oval:org.mitre.oval:def:11216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216
Common Vulnerability Exposure (CVE) ID: CVE-2010-1748
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723
SuSE Security Announcement: SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0545
http://securitytracker.com/id?1024103
Common Vulnerability Exposure (CVE) ID: CVE-2010-0186
BugTraq ID: 38198
http://www.securityfocus.com/bid/38198
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://www.osvdb.org/62300
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518
RedHat Security Advisories: RHSA-2010:0102
https://rhn.redhat.com/errata/RHSA-2010-0102.html
RedHat Security Advisories: RHSA-2010:0103
https://rhn.redhat.com/errata/RHSA-2010-0103.html
http://www.redhat.com/support/errata/RHSA-2010-0114.html
http://securitytracker.com/id?1023585
http://secunia.com/advisories/38547
http://secunia.com/advisories/38639
http://secunia.com/advisories/38915
http://secunia.com/advisories/43026
SuSE Security Announcement: SUSE-SR:2010:006
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://www.vupen.com/english/advisories/2011/0192
Common Vulnerability Exposure (CVE) ID: CVE-2010-0187
BugTraq ID: 38200
http://www.securityfocus.com/bid/38200
http://www.exploit-db.com/exploits/11182
http://sebug.net/exploit/18967/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16125
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8393
Common Vulnerability Exposure (CVE) ID: CVE-2010-0546
Common Vulnerability Exposure (CVE) ID: CVE-2010-1374
Common Vulnerability Exposure (CVE) ID: CVE-2010-1411
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
BugTraq ID: 40823
http://www.securityfocus.com/bid/40823
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://marc.info/?l=oss-security&m=127731610612908&w=2
http://www.redhat.com/support/errata/RHSA-2010-0519.html
http://www.redhat.com/support/errata/RHSA-2010-0520.html
http://secunia.com/advisories/40181
http://secunia.com/advisories/40196
http://secunia.com/advisories/40381
http://secunia.com/advisories/40478
http://secunia.com/advisories/40527
http://secunia.com/advisories/40536
http://secunia.com/advisories/50726
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
SuSE Security Announcement: SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.ubuntu.com/usn/USN-954-1
http://www.vupen.com/english/advisories/2010/1435
http://www.vupen.com/english/advisories/2010/1512
http://www.vupen.com/english/advisories/2010/1638
http://www.vupen.com/english/advisories/2010/1731
http://www.vupen.com/english/advisories/2010/1761
Common Vulnerability Exposure (CVE) ID: CVE-2009-4212
BugTraq ID: 37749
http://www.securityfocus.com/bid/37749
Debian Security Information: DSA-1969
http://www.debian.org/security/2010/dsa-1969
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
HPdes Security Advisory: HPSBOV02682
http://marc.info/?l=bugtraq&m=130497213107107&w=2
HPdes Security Advisory: SSRT100495
http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
RedHat Security Advisories: RHSA-2010:0029
https://rhn.redhat.com/errata/RHSA-2010-0029.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.securitytracker.com/id?1023440
http://secunia.com/advisories/38080
http://secunia.com/advisories/38108
http://secunia.com/advisories/38126
http://secunia.com/advisories/38140
http://secunia.com/advisories/38184
http://secunia.com/advisories/38203
http://secunia.com/advisories/38696
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
http://ubuntu.com/usn/usn-881-1
http://www.vupen.com/english/advisories/2010/0096
http://www.vupen.com/english/advisories/2010/0129
Common Vulnerability Exposure (CVE) ID: CVE-2010-0734
20101027 rPSA-2010-0072-1 curl
http://www.securityfocus.com/archive/1/514490/100/0/threaded
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
38843
http://secunia.com/advisories/38843
38981
http://secunia.com/advisories/38981
39087
http://secunia.com/advisories/39087
39734
http://secunia.com/advisories/39734
45047
http://secunia.com/advisories/45047
48256
http://secunia.com/advisories/48256
ADV-2010-0571
http://www.vupen.com/english/advisories/2010/0571
ADV-2010-0602
http://www.vupen.com/english/advisories/2010/0602
ADV-2010-0660
http://www.vupen.com/english/advisories/2010/0660
ADV-2010-0725
http://www.vupen.com/english/advisories/2010/0725
DSA-2023
http://www.debian.org/security/2010/dsa-2023
FEDORA-2010-2720
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
FEDORA-2010-2762
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
GLSA-201203-02
http://security.gentoo.org/glsa/glsa-201203-02.xml
MDVSA-2010:062
http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
RHSA-2010:0329
http://www.redhat.com/support/errata/RHSA-2010-0329.html
USN-1158-1
http://www.ubuntu.com/usn/USN-1158-1
[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0
http://www.openwall.com/lists/oss-security/2010/02/09/5
[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0
http://www.openwall.com/lists/oss-security/2010/03/09/1
[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0
http://www.openwall.com/lists/oss-security/2010/03/16/11
http://curl.haxx.se/docs/adv_20100209.html
http://curl.haxx.se/docs/security.html#20100209
http://curl.haxx.se/libcurl-contentencoding.patch
http://support.avaya.com/css/P8/documents/100081819
http://wiki.rpath.com/Advisories:rPSA-2010-0072
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=563220
oval:org.mitre.oval:def:10760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
oval:org.mitre.oval:def:6756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
Common Vulnerability Exposure (CVE) ID: CVE-2010-0541
BugTraq ID: 40895
http://www.securityfocus.com/bid/40895
http://www.mandriva.com/security/advisories?name=MDVSA-2011:097
http://www.mandriva.com/security/advisories?name=MDVSA-2011:098
http://www.redhat.com/support/errata/RHSA-2011-0908.html
http://www.redhat.com/support/errata/RHSA-2011-0909.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1381
Common Vulnerability Exposure (CVE) ID: CVE-2009-1578
BugTraq ID: 34916
http://www.securityfocus.com/bid/34916
Debian Security Information: DSA-1802
http://www.debian.org/security/2009/dsa-1802
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:110
http://osvdb.org/60468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624
http://www.redhat.com/support/errata/RHSA-2009-1066.html
http://secunia.com/advisories/35052
http://secunia.com/advisories/35073
http://secunia.com/advisories/35140
http://secunia.com/advisories/35259
http://secunia.com/advisories/37415
http://www.vupen.com/english/advisories/2009/1296
http://www.vupen.com/english/advisories/2009/3315
XForce ISS Database: squirrelmail-decryptheaders-xss(50460)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50460
XForce ISS Database: squirrelmail-phpself-xss(50459)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50459
Common Vulnerability Exposure (CVE) ID: CVE-2009-1579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986
XForce ISS Database: squirrelmail-mapypalias-code-execution(50461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50461
Common Vulnerability Exposure (CVE) ID: CVE-2009-1580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107
XForce ISS Database: squirrelmail-baseuri-session-hijacking(50462)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50462
Common Vulnerability Exposure (CVE) ID: CVE-2009-1581
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441
XForce ISS Database: squirrelmail-css-xss(50463)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50463
Common Vulnerability Exposure (CVE) ID: CVE-2009-2964
BugTraq ID: 36196
http://www.securityfocus.com/bid/36196
Debian Security Information: DSA-2091
http://www.debian.org/security/2010/dsa-2091
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html
http://jvn.jp/en/jp/JVN30881447/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
http://www.osvdb.org/57001
http://osvdb.org/60469
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
http://secunia.com/advisories/34627
http://secunia.com/advisories/36363
http://secunia.com/advisories/40964
http://www.vupen.com/english/advisories/2009/2262
http://www.vupen.com/english/advisories/2010/2080
XForce ISS Database: squirrelmail-unspecified-csrf(52406)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
Common Vulnerability Exposure (CVE) ID: CVE-2010-1382
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.