Lucene search

Tenable8981.PRM

HistoryOct 16, 2015 - 12:00 a.m.

Mac OS X < 10.10.5 Multiple Vulnerabilities

2015-10-1600:00:00

Tenable

www.tenable.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.918 High

EPSS

Percentile

98.9%

JSON

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
Apple ID OD Plug-in (CVE-2015-3799)
AppleGraphicsControl (CVE-2015-5768)
Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
bootp (CVE-2015-3778)
CloudKit (CVE-2015-3782)
CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
CoreText (CVE-2015-5761, CVE-2015-5755)
curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
Data Detectors Engine (CVE-2015-5750)
Date & Time pref pane (CVE-2015-3757)
Dictionary Application (CVE-2015-3774)
DiskImages (CVE-2015-3800)
dyld (CVE-2015-3760)
FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
groff (CVE-2009-5044, CVE-2009-5078)
ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
IOGraphics (CVE-2015-3770, CVE-2015-5783)
IOHIDFamily (CVE-2015-5774)
Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
Libinfo (CVE-2015-5776)
libpthread (CVE-2015-5757)
libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
libxpc (CVE-2015-3795)
mail_cmds (CVE-2014-7844)
Notification Center OSX (CVE-2015-3764)
ntfs (CVE-2015-5763)
OpenSSH (CVE-2015-5600)
OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
perl (CVE-2013-7422)
PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
QL Office (CVE-2015-5773, CVE-2015-3784)
Quartz Composer Framework (CVE-2015-5771)
Quick Look (CVE-2015-3781)
QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
SceneKit (CVE-2015-5772, CVE-2015-3783)
Security (CVE-2015-3775)
SMBClient (CVE-2015-3773)
Speech UI (CVE-2015-3794)
sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
Text Formats (CVE-2015-3762)
udf (CVE-2015-3767)

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Binary data 8981.prm

VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

Vendor	Product	Version	CPE
apple	mac_os_x		cpe:/o:apple:mac_os_x

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5044

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5078

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2777

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7040

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7338

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7422

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3620

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8151

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3757

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3760

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3761

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3762

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3764

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3765

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3766

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3767

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3768

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3769

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3770

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3771

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3772

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3773

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3774

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3775

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3776

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3777

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3778

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3779

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3780

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3781

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3782

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3783

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3784

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3786

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3787

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3788

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3789

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3790

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3791

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3792

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3794

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3795

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3796

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3797

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3798

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3799

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3800

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3802

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3803

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3804

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3805

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3806

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4147

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4148

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5747

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5748

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5750

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5751

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5753

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5754

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5755

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5756

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5757

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5758

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5761

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5763

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5768

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5771

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5772

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5773

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5774

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5775

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5776

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5777

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5778

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5779

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5781

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5782

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5783

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5784

support.apple.com/en-us/HT205031

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.918 High

EPSS

Percentile

98.9%

JSON

Mac OS X < 10.10.5 Multiple Vulnerabilities

References

Related