- CVEs with nessus.description==The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the LibreSSL component due to a flaw in the ECDSA implementation that is triggered when not properly setting a flag in ECDSA signing nonces to indicate that only constant-time code paths should be followed. An unauthenticated, remote attacker can exploit this to conduct side-channel cache-timing attacks, allowing the attacker to recover the modular inversion state sequences and the ECDSA private keys. Note that this vulnerability does not affect Mac OS X 10.10.5. (CVE-2016-7056)
- An integer overflow condition exists in the ImageIO component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted JPEG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2432)
- Multiple memory corruption issues exist in the libxslt component that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2477)
- An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to cause an out-of-bounds write, potentially allowing the execution of arbitrary code. (CVE-2017-5029)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |