
Test ID:
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities-01 April-2017
Summary: Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- The Wiki Server does not specify an explicit character set when serving
HTML documents in response to user requests.

- Multiple errors in SquirrelMail.

- A configuration issue exists in Apple's distribution of Samba, the server
used for SMB file sharing.

- An input validation error in the Ruby WEBrick HTTP server's handling of
error pages.

- A buffer overflow exists in libcurl's handling of gzip-compressed web

- An integer overflow exists in AES and RC4 decryption operations of the
crypto library in the KDC server.

- Multiple integer overflows in the handling of TIFF files.

- A directory traversal issue exists in iChat's handling of inline
image transfers.

- A symlink following issue exists in Folder Manager.

- Multiple errors in Adobe Flash Player plug-in.

- An uninitialized memory read issue exists in the CUPS web interface's
handling of form variables.

- A use-after-free error exists in cupsd.

- A cross-site request forgery issue exists in the CUPS web interface.

Vulnerability Impact:
Successful exploitation will allow an attacker
to conduct a cross-site scripting attack, access sensitive information, cause
an unexpected application termination or arbitrary code execution, upload
files to arbitrary locations on the filesystem of a user and cause privilege

Affected Software/OS:
Apple Mac OS X and Mac OS X Server
version 10.5.8, 10.6 through 10.6.3

The vendor has released updates. Please see the references for more information.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0540
BugTraq ID: 40871
Debian Security Information: DSA-2176
Common Vulnerability Exposure (CVE) ID: CVE-2010-0302
BugTraq ID: 38510
RedHat Security Advisories: RHSA-2010:0129
Common Vulnerability Exposure (CVE) ID: CVE-2010-1748
SuSE Security Announcement: SUSE-SR:2010:023
Common Vulnerability Exposure (CVE) ID: CVE-2010-0545
Common Vulnerability Exposure (CVE) ID: CVE-2010-0186
BugTraq ID: 38198
RedHat Security Advisories: RHSA-2010:0102
RedHat Security Advisories: RHSA-2010:0103
SuSE Security Announcement: SUSE-SR:2010:006
Common Vulnerability Exposure (CVE) ID: CVE-2010-0187
BugTraq ID: 38200
Common Vulnerability Exposure (CVE) ID: CVE-2010-0546
Common Vulnerability Exposure (CVE) ID: CVE-2010-1374
Common Vulnerability Exposure (CVE) ID: CVE-2010-1411
BugTraq ID: 40823
SuSE Security Announcement: SUSE-SR:2010:014
Common Vulnerability Exposure (CVE) ID: CVE-2009-4212
BugTraq ID: 37749
Debian Security Information: DSA-1969
HPdes Security Advisory: HPSBOV02682
HPdes Security Advisory: SSRT100495
RedHat Security Advisories: RHSA-2010:0029
RedHat Security Advisories: RHSA-2010:0095
Common Vulnerability Exposure (CVE) ID: CVE-2010-0734
Bugtraq: 20101027 rPSA-2010-0072-1 curl
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Debian Security Information: DSA-2023
Common Vulnerability Exposure (CVE) ID: CVE-2010-0541
BugTraq ID: 40895
Common Vulnerability Exposure (CVE) ID: CVE-2010-1381
Common Vulnerability Exposure (CVE) ID: CVE-2009-1578
BugTraq ID: 34916
Debian Security Information: DSA-1802
XForce ISS Database: squirrelmail-decryptheaders-xss(50460)
XForce ISS Database: squirrelmail-phpself-xss(50459)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1579
XForce ISS Database: squirrelmail-mapypalias-code-execution(50461)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1580
XForce ISS Database: squirrelmail-baseuri-session-hijacking(50462)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1581
XForce ISS Database: squirrelmail-css-xss(50463)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2964
BugTraq ID: 36196
Debian Security Information: DSA-2091
XForce ISS Database: squirrelmail-unspecified-csrf(52406)
Common Vulnerability Exposure (CVE) ID: CVE-2010-1382
Copyright: Copyright (C) 2017 Greenbone Networks GmbH
