
Test ID:
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities - 02 Jan14
Summary: This host is running Apple Mac OS X and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Permanent cookies were saved after quitting Safari, even when Private
Browsing was enabled.

- An unbounded stack allocation issue existed in the handling of text glyphs.

- A privilege escalation issue existed in the handling of CUPS configuration
via the CUPS web interface.

- A local user who is not an administrator may disable FileVault using the

- A buffer overflow existed in the handling of MP3 files.

- A buffer overflow existed in the handling of FPX files.

- A memory corruption issue existed in the handling of QTIF files.

- A buffer overflow existed in the handling of 'enof' atoms.

- Multiple errors in OpenSSL.

- There were known attacks on the confidentiality of TLS 1.0 when compression
was enabled.

- An uninitialized memory access issue existed in the handling of text tracks.

- A buffer overflow existed in the handling of PICT images.

- If SMB file sharing is enabled, an authenticated user may be able to write
files outside the shared directory.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service, or cause an unexpected application termination.

Affected Software/OS:
Apple Mac OS X version 10.8 to 10.8.3,
10.7 to 10.7.5 and 10.6.8

Upgrade to Apple Mac OS X version 10.8.4 or later, or apply the appropriate security update for the 10.7 and 10.6 versions. Please see the references for more information.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-0982
Common Vulnerability Exposure (CVE) ID: CVE-2013-0983
Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
BugTraq ID: 56494
RedHat Security Advisories: RHSA-2013:0580
SuSE Security Announcement: SUSE-SU-2015:1041
SuSE Security Announcement: SUSE-SU-2015:1044
SuSE Security Announcement: openSUSE-SU-2015:1056
XForce ISS Database: cups-systemgroup-priv-esc(80012)
Common Vulnerability Exposure (CVE) ID: CVE-2013-0985
Common Vulnerability Exposure (CVE) ID: CVE-2013-0989
Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
BugTraq ID: 55704
Debian Security Information: DSA-2579
Debian Security Information: DSA-2627
Debian Security Information: DSA-3253
HPdes Security Advisory: HPSBUX02866
HPdes Security Advisory: SSRT101139
RedHat Security Advisories: RHSA-2013:0587
SuSE Security Announcement: openSUSE-SU-2012:1420
SuSE Security Announcement: openSUSE-SU-2013:0143
SuSE Security Announcement: openSUSE-SU-2013:0157
Common Vulnerability Exposure (CVE) ID: CVE-2011-1945
CERT/CC vulnerability note: VU#536044
Debian Security Information: DSA-2309
SuSE Security Announcement: SUSE-SU-2011:0636
SuSE Security Announcement: openSUSE-SU-2011:0634
Common Vulnerability Exposure (CVE) ID: CVE-2011-3207
HPdes Security Advisory: HPSBMU02752
HPdes Security Advisory: SSRT100802
Common Vulnerability Exposure (CVE) ID: CVE-2011-3210
HPdes Security Advisory: HPSBUX02734
HPdes Security Advisory: SSRT100729
Common Vulnerability Exposure (CVE) ID: CVE-2011-4108
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2390
HPdes Security Advisory: HPSBMU02776
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBOV02793
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT100877
HPdes Security Advisory: SSRT100891
RedHat Security Advisories: RHSA-2012:1306
RedHat Security Advisories: RHSA-2012:1307
RedHat Security Advisories: RHSA-2012:1308
SuSE Security Announcement: SUSE-SU-2012:0084
SuSE Security Announcement: SUSE-SU-2014:0320
SuSE Security Announcement: openSUSE-SU-2012:0083
Common Vulnerability Exposure (CVE) ID: CVE-2011-4109
XForce ISS Database: openssl-policy-checks-dos(72129)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4576
Common Vulnerability Exposure (CVE) ID: CVE-2011-4577
Common Vulnerability Exposure (CVE) ID: CVE-2011-4619
HPdes Security Advisory: HPSBUX02782
HPdes Security Advisory: SSRT100844
Common Vulnerability Exposure (CVE) ID: CVE-2012-0050
BugTraq ID: 51563
Debian Security Information: DSA-2392
HPdes Security Advisory: HPSBUX02737
HPdes Security Advisory: SSRT100747
Common Vulnerability Exposure (CVE) ID: CVE-2012-2110
BugTraq ID: 53158
Debian Security Information: DSA-2454
HPdes Security Advisory: HPSBMU02900
HPdes Security Advisory: SSRT101210
RedHat Security Advisories: RHSA-2012:0518
RedHat Security Advisories: RHSA-2012:0522
SuSE Security Announcement: SUSE-SU-2012:0623
SuSE Security Announcement: SUSE-SU-2012:0637
SuSE Security Announcement: SUSE-SU-2012:1149
Common Vulnerability Exposure (CVE) ID: CVE-2012-2131
BugTraq ID: 53212
XForce ISS Database: openssl-asn1-code-execution(75099)
Common Vulnerability Exposure (CVE) ID: CVE-2012-2333
BugTraq ID: 53476
Debian Security Information: DSA-2475
HPdes Security Advisory: HPSBOV02852
HPdes Security Advisory: HPSBUX02814
HPdes Security Advisory: SSRT100930
HPdes Security Advisory: SSRT101108
RedHat Security Advisories: RHSA-2012:0699
SuSE Security Announcement: SUSE-SU-2012:0678
SuSE Security Announcement: SUSE-SU-2012:0679
XForce ISS Database: openssl-tls-record-dos(75525)
Common Vulnerability Exposure (CVE) ID: CVE-2013-0986
Common Vulnerability Exposure (CVE) ID: CVE-2013-0987
Common Vulnerability Exposure (CVE) ID: CVE-2013-0988
Common Vulnerability Exposure (CVE) ID: CVE-2013-0990
Common Vulnerability Exposure (CVE) ID: CVE-2013-0975
Common Vulnerability Exposure (CVE) ID: CVE-2013-1024
Copyright: Copyright (C) 2014 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.