Mac OS X Local Security Checks : Apple Mac OS X Multiple Vulnerabilities-02 (Nov 2016)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.810220
Category:	Mac OS X Local Security Checks
Title:	Apple Mac OS X Multiple Vulnerabilities-02 (Nov 2016)
Summary:	Apple Mac OS X is prone to multiple vulnerabilities.
Description:	Summary: Apple Mac OS X is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The windowServer does not prevent session creation by a sandboxed application. - A format string error in CoreServicesUIAgent. - The Intel Graphics Driver does not properly validate a certain pointer. - A buffer overflow error in ImageIO. - An improper implementation of power management. - The kernel places a kernel pointer into an XNU object data structure accessible from user space. - An error in Heimdal Kerberos. - An error in CFNetwork HTTPProtocol. - An error in IOKit Kernel. - An integer overflow issue existed in LibYAML's handling of YAML tags. - A heap-based buffer overflow issue error in Ruby. - An error in secure transport regarding renegotiation. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code or cause a denial of service (memory corruption), to gain sensitive information and to bypass certain protection mechanism and have other impacts. Affected Software/OS: Apple Mac OS X versions 10.9.x through 10.9.2 Solution: Updates are available. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1314 http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1315 Common Vulnerability Exposure (CVE) ID: CVE-2014-1316 Common Vulnerability Exposure (CVE) ID: CVE-2014-1318 Common Vulnerability Exposure (CVE) ID: CVE-2014-1319 Common Vulnerability Exposure (CVE) ID: CVE-2014-1321 Common Vulnerability Exposure (CVE) ID: CVE-2014-1322 Common Vulnerability Exposure (CVE) ID: CVE-2014-1296 http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1320 Common Vulnerability Exposure (CVE) ID: CVE-2013-6393 http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html BugTraq ID: 65258 http://www.securityfocus.com/bid/65258 Debian Security Information: DSA-2850 (Google Search) http://www.debian.org/security/2014/dsa-2850 Debian Security Information: DSA-2870 (Google Search) http://www.debian.org/security/2014/dsa-2870 http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff http://osvdb.org/102716 RedHat Security Advisories: RHSA-2014:0353 http://rhn.redhat.com/errata/RHSA-2014-0353.html RedHat Security Advisories: RHSA-2014:0354 http://rhn.redhat.com/errata/RHSA-2014-0354.html RedHat Security Advisories: RHSA-2014:0355 http://rhn.redhat.com/errata/RHSA-2014-0355.html SuSE Security Announcement: openSUSE-SU-2014:0272 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html SuSE Security Announcement: openSUSE-SU-2014:0273 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html SuSE Security Announcement: openSUSE-SU-2015:0319 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html SuSE Security Announcement: openSUSE-SU-2016:1067 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html http://www.ubuntu.com/usn/USN-2098-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4164 BugTraq ID: 63873 http://www.securityfocus.com/bid/63873 Debian Security Information: DSA-2809 (Google Search) http://www.debian.org/security/2013/dsa-2809 Debian Security Information: DSA-2810 (Google Search) http://www.debian.org/security/2013/dsa-2810 http://osvdb.org/100113 RedHat Security Advisories: RHSA-2013:1763 http://rhn.redhat.com/errata/RHSA-2013-1763.html RedHat Security Advisories: RHSA-2013:1764 http://rhn.redhat.com/errata/RHSA-2013-1764.html RedHat Security Advisories: RHSA-2013:1767 http://rhn.redhat.com/errata/RHSA-2013-1767.html RedHat Security Advisories: RHSA-2014:0011 http://rhn.redhat.com/errata/RHSA-2014-0011.html RedHat Security Advisories: RHSA-2014:0215 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://secunia.com/advisories/55787 http://secunia.com/advisories/57376 SuSE Security Announcement: SUSE-SU-2013:1897 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:1834 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html SuSE Security Announcement: openSUSE-SU-2013:1835 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html http://www.ubuntu.com/usn/USN-2035-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-1295 https://secure-resumption.com/
Copyright	Copyright (C) 2016 Greenbone AG