Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310832799
HistoryJan 23, 2024 - 12:00 a.m.

Apple Mac OS X Security Update (HT214058)

2024-01-2300:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
17
apple mac os x
security update
vulnerabilities
memory handling
private data redaction
upgrade
version 13.6.4
macos ventura

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.014

Percentile

86.9%

JSON

Apple Mac OS X is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832799");
  script_version("2024-06-21T05:05:42+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2024-23212", "CVE-2023-42937", "CVE-2023-40528", "CVE-2023-38545",
                "CVE-2023-38039", "CVE-2023-38546", "CVE-2023-42915", "CVE-2024-23224",
                "CVE-2023-42888", "CVE-2023-42935", "CVE-2024-23207", "CVE-2023-42887",
                "CVE-2024-23222", "CVE-2024-27791");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-06-21 05:05:42 +0000 (Fri, 21 Jun 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-10-25 13:24:00 +0000 (Wed, 25 Oct 2023)");
  script_tag(name:"creation_date", value:"2024-01-23 18:16:35 +0530 (Tue, 23 Jan 2024)");
  script_name("Apple Mac OS X Security Update (HT214058)");

  script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to,

  - A privacy issue was addressed with improved private data redaction for log entries.

  - The issue was addressed with improved memory handling.

  For more information about the vulnerabilities refer to Reference links.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers
  to conduct arbitrary code execution, information disclosure and also to bypass
  certain privacy preferences on an affected system.");

  script_tag(name:"affected", value:"Apple Mac OS X Ventura prior to
  version 13.6.4.");

  script_tag(name:"solution", value:"Upgrade to version 13.6.4 for macOS Ventura.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT214058");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^13\.");
  exit(0);
}

include("version_func.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName)
  exit(0);

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer || osVer !~ "^13\." || "Mac OS X" >!< osName) {
  exit(0);
}

if(version_is_less(version:osVer, test_version:"13.6.4")) {
  report = report_fixed_ver(installed_version:osVer, fixed_version:"13.6.4");
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

apple 4
nessus 53
openvas 32
ibm 9
kaspersky 2
redhat 5
fedora 6
redos 1
oraclelinux 2
qualysblog 1
cloudfoundry 1
slackware 1
amazon 2
ubuntu 3
aix 1
osv 10
debian 1
almalinux 2
thn 2
mageia 1
cisco 1
paloalto 1
rocky 1
cvelist 10
photon 3
prion 10
cve 11
nvd 11
vulnrichment 2
zdi 1
cbl_mariner 2
hackerone 2
freebsd 1
debiancve 1
ubuntucve 1
alpinelinux 1
veracode 1
apple
apple
About the security content of macOS Ventura 13.6.4
2024-01-22 00:00:00
About the security content of macOS Monterey 12.7.3
2024-01-22 00:00:00
About the security content of iOS 16.7.5 and iPadOS 16.7.5
2024-01-22 00:00:00
nessus
nessus
macOS 13.x < 13.6.4 Multiple Vulnerabilities (HT214058)
2024-01-22 00:00:00
macOS 12.x < 12.7.3 Multiple Vulnerabilities (HT214057)
2024-01-22 00:00:00
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2023-284-01)
2023-10-11 00:00:00
openvas
openvas
Apple Mac OS X Security Updates (HT214057)
2024-01-23 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1055)
2024-01-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1005)
2024-01-05 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2023-12-20 19:12:57
Security Bulletin: Multiple publicly disclosed libcurl vulnerabilities affect IBM Safer Payments
2024-04-04 10:41:34
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.
2024-03-13 14:31:39
kaspersky
kaspersky
KLA61541 Multiple vulnerabilities in Microsoft Windows
2023-10-19 00:00:00
KLA61542 PE vulnerability in Microsoft Mariner
2023-10-19 00:00:00
redhat
redhat
(RHSA-2023:5700) Important: curl security update
2023-10-13 21:38:55
(RHSA-2023:6745) Important: curl security update
2023-11-07 10:08:50
(RHSA-2023:5763) Important: curl security update
2023-10-17 08:40:49
fedora
fedora
[SECURITY] Fedora 39 Update: curl-8.2.1-3.fc39
2023-10-16 15:27:49
[SECURITY] Fedora 38 Update: curl-8.0.1-5.fc38
2023-10-14 01:32:18
[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37
2023-10-28 01:25:37
redos
redos
ROS-20231016-05
2023-10-16 00:00:00
oraclelinux
oraclelinux
curl security update
2023-11-16 00:00:00
curl security update
2023-10-18 00:00:00
qualysblog
qualysblog
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
2023-10-06 00:14:06
cloudfoundry
cloudfoundry
USN-6429-1: curl vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
slackware
slackware
[slackware-security] curl
2023-10-11 06:45:13
amazon
amazon
Important: curl
2023-10-10 21:19:00
Important: curl
2023-09-27 22:48:00
ubuntu
ubuntu
curl vulnerabilities
2023-10-17 00:00:00
curl vulnerabilities
2023-10-11 00:00:00
curl vulnerability
2023-09-13 00:00:00
aix
aix
Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 13:22:02
osv
osv
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
curl vulnerabilities
2023-10-17 11:22:48
debian
debian
[SECURITY] [DSA 5523-1] curl security update
2023-10-11 06:58:41
almalinux
almalinux
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
thn
thn
Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32:00
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
2023-10-12 04:39:00
mageia
mageia
Updated the curl packages to fix two security vulnerabilities
2023-10-14 01:56:51
cisco
cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
2023-10-12 16:00:00
paloalto
paloalto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
2023-10-12 20:40:00
rocky
rocky
curl security update
2023-10-24 18:36:52
cvelist
cvelist
CVE-2024-23212
2024-01-23 00:25:29
CVE-2023-42937
2024-01-23 00:25:36
CVE-2023-42887
2024-01-23 00:25:38
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0113
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0667
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0487
2023-10-11 00:00:00
prion
prion
Design/Logic Flaw
2024-01-23 01:15:00
Authentication flaw
2024-01-23 01:15:00
Information disclosure
2024-01-23 01:15:00
cve
cve
CVE-2024-23224
2024-01-23 01:15:11
CVE-2023-42935
2024-01-23 01:15:10
CVE-2023-42937
2024-01-23 01:15:10
nvd
nvd
CVE-2023-42887
2024-01-23 01:15:09
CVE-2024-23224
2024-01-23 01:15:11
CVE-2024-23207
2024-01-23 01:15:10
vulnrichment
vulnrichment
CVE-2024-23207
2024-01-23 00:25:21
CVE-2024-27791
2024-04-24 16:43:44
zdi
zdi
Apple macOS ImageIO MPO Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2024-02-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-38039 affecting package curl for versions less than 8.3.0-1
2023-10-11 01:41:59
CVE-2023-38039 affecting package tensorflow for versions less than 2.16.1-1
2024-04-17 22:02:46
hackerone
hackerone
curl: CVE-2023-38039: HTTP header allocation DOS
2023-07-17 12:43:20
Internet Bug Bounty: [curl] CVE-2023-38039: HTTP header allocation DOS
2023-09-13 14:52:07
freebsd
freebsd
curl -- HTTP headers eat all memory
2023-09-13 00:00:00
debiancve
debiancve
CVE-2023-38039
2023-09-15 04:15:10
ubuntucve
ubuntucve
CVE-2023-38039
2023-09-13 00:00:00
alpinelinux
alpinelinux
CVE-2023-38039
2023-09-15 04:15:10
veracode
veracode
Denial Of Service (DoS)
2023-10-02 20:08:01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.014

Percentile

86.9%

JSON
Related for OPENVAS:1361412562310832799
apple4nessus53openvas32ibm9kaspersky2redhat5fedora6redos1oraclelinux2qualysblog1cloudfoundry1slackware1amazon2ubuntu3aix1osv10debian1almalinux2thn2mageia1cisco1paloalto1rocky1cvelist10photon3prion10cve11nvd11vulnrichment2zdi1cbl_mariner2hackerone2freebsd1debiancve1ubuntucve1alpinelinux1veracode1