- Home
- CVEs with nessus.description==The remote host is running a version of Mac OS X 10.8 or 10.9 that
does not have Security Update 2014-005 applied. This update contains
several security-related fixes for the following issues :
- A command injection vulnerability in GNU Bash known as
Shellshock. The vulnerability is due to the processing
of trailing strings after function definitions in the
values of environment variables. This allows a remote
attacker to execute arbitrary code via environment
variable manipulation depending on the configuration of
the system. (CVE-2014-6271, CVE-2014-7169)
- A man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due
to the way SSL 3.0 handles padding bytes when decrypting
messages encrypted using block ciphers in cipher block
chaining (CBC) mode. A MitM attacker can decrypt a
selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0
connections. (CVE-2014-3566)
Note that successful exploitation of the most serious issues can
result in arbitrary code execution.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top