According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions
__nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2().
This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

The remote Cisco device is running a version of Cisco IOS XR software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

Note that this issue only affects Cisco Network Convergence System 6000 Series routers.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)

Use after free vulnerability was reported in PHP DateTimeZone.
(CVE-2015-0273)

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected multiple vulnerabilities in the following components :

  - Admin Framework
  - afpserver
  - apache
  - AppleFSCompression
  - AppleGraphicsControl
  - AppleThunderboltEDMService
  - ATS
  - Bluetooth
  - Certificate Trust Policy
  - CFNetwork HTTPAuthentication
  - CoreText
  - coreTLS
  - DiskImages
  - Display Drivers
  - EFI
  - FontParser
  - Graphics Driver
  - ImageIO
  - Install Framework Legacy
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOFireWireFamily
  - Kernel
  - kext tools
  - Mail
  - ntfs
  - ntp
  - OpenSSL
  - QuickTime
  - Security
  - Spotlight
  - SQLite
  - System Stats
  - TrueTypeScaler
  - zip

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Address Book
  - AirScan
  - apache_mod_php
  - Apple Online Store Kit
  - AppleEvents
  - Audio
  - bash
  - Certificate Trust Policy
  - CFNetwork Cookies
  - CFNetwork FTPProtocol
  - CFNetwork HTTPProtocol
  - CFNetwork Proxies
  - CFNetwork SSL
  - CoreCrypto
  - CoreText
  - Dev Tools
  - Disk Images
  - dyld
  - EFI
  - Finder
  - Game Center
  - Heimdal
  - ICU
  - Install Framework Legacy
  - Intel Graphics Driver
  - IOAudioFamily
  - IOGraphics
  - IOHIDFamily
  - IOStorageFamily
  - Kernel
  - libc
  - libpthread
  - libxpc
  - Login Window
  - lukemftpd
  - Mail
  - Multipeer Connectivity
  - NetworkExtension
  - Notes
  - OpenSSH
  - OpenSSL
  - procmail
  - remote_cmds
  - removefile
  - Ruby
  - Safari
  - Safari Downloads
  - Safari Extensions
  - Safari Safe Browsing
  - Security
  - SMB
  - SQLite
  - Telephony
  - Terminal
  - tidy
  - Time Machine
  - WebKit
  - WebKit CSS
  - WebKit JavaScript Bindings
  - WebKit Page Loading
  - WebKit Plug-ins

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11 and is affected by multiple vulnerabilities in the following components : 

 - Address Book 
 - AirScan 
 - apache_mod_php 
 - Apple Online Store Kit 
 - AppleEvents 
 - Audio 
 - bash 
 - Certificate Trust Policy 
 - CFNetwork Cookies - CFNetwork FTPProtocol 
 - CFNetwork HTTPProtocol 
 - CFNetwork Proxies 
 - CFNetwork SSL 
 - CoreCrypto 
 - CoreText 
 - Dev Tools 
 - Disk Images 
 - dyld 
 - EFI 
 - Finder 
 - Game Center 
 - Heimdal 
 - ICU 
 - Install Framework Legacy 
 - Intel Graphics Driver 
 - IOAudioFamily 
 - IOGraphics 
 - IOHIDFamily 
 - IOStorageFamily 
 - Kernel 
 - libc 
 - libpthread 
 - libxpc 
 - Login Window 
 - lukemftpd 
 - Mail 
 - Multipeer Connectivity 
 - NetworkExtension 
 - Notes 
 - OpenSSH 
 - OpenSSL 
 - procmail 
 - remote_cmds 
 - removefile 
 - Ruby 
 - Safari 
 - Safari Downloads 
 - Safari Extensions 
 - Safari Safe Browsing 
 - Security 
 - SMB 
 - SQLite 
 - Telephony 
 - Terminal 
 - tidy 
 - Time Machine 
 - WebKit 
 - WebKit CSS 
 - WebKit JavaScript Bindings 
 - WebKit Page Loading 
 - WebKit Plug-ins

Versions of PHP 5.4.x earlier than 5.4.38, 5.5.x earlier than 5.5.22, or 5.6.x earlier than 5.6.6 are exposed to the following issues :

  - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (GHOST) (Bug 68925 / CVE-2015-0235)

  - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (Bug 68942 / CVE-2015-0273)

  - A use-after-free flaw exists in the function 'phar_rename_archive' in the source file 'phar_object.c'. An attacker can cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. (Bug 68901 / CVE-2015-2301)

  - A heap-based buffer overflow flaw affects the 'enchant_broker_request_dict' function in the source file 'ext/enchant/enchant.c'. This allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. (Bug 68552 / CVE-2014-9705) 

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.4 and the following components contain vulnerabilities :

  - Admin Framework 
-  afpserver 
 - apache 
 - AppleFSCompression 
 - AppleGraphicsControl 
 - AppleThunderboltEDMService 
 - ATS 
 - Bluetooth 
 - Certificate Trust Policy 
 - CFNetwork HTTPAuthentication 
 - CoreText 
 - coreTLS 
 - DiskImages 
 - Display Drivers 
 - EFI 
 - FontParser 
 - Graphics Driver 
 - ImageIO 
 - Install Framework Legacy 
 - Intel Graphics Driver 
 - IOAcceleratorFamily 
 - IOFireWireFamily 
 - Kernel 
 - kext tools 
 - Mail 
 - ntfs 
 - ntp 
 - OpenSSL 
 - QuickTime 
 - Security 
 - Spotlight 
 - SQLite 
 - System Stats 
 - TrueTypeScaler 
 - zip

The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.1 and is affected by multiple vulnerabilities in the following components :

 - Accelerate Framework (CVE-2015-5940)
 - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)
 - ATS (CVE-2015-6985)
 - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)
 - Bom (CVE-2015-7006)
 - CFNetwork (CVE-2015-7023)
 - configd (CVE-2015-7015)
 - CoreGraphics (CVE-2015-5925, CVE-2015-5926)
 - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)
 - Directory Utility (CVE-2015-6980)
 - Disk Images (CVE-2015-6995)
 - EFI (CVE-2015-7035)
 - File Bookmark (CVE-2015-6987)
 - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)
 - Grand Central Dispatch (CVE-2015-6989)
 - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021)
 - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939)
 - IOAcceleratorFamily (CVE-2015-6996)
 - IOHIDFamily (CVE-2015-6974)
 - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)
 - libarchive (CVE-2015-6984)
 - MCX Application Restrictions (CVE-2015-7016)
 - Net-SNMP (CVE-2014-3565, CVE-2012-6151)
 - OpenGL (CVE-2015-5924)
 - OpenSSH (CVE-2015-6563)
 - Sandbox (CVE-2015-5945)
 - Script Editor (CVE-2015-7007)
 - Security (CVE-2015-6983, CVE-2015-7024)
 - SecurityAgent (CVE-2015-5943)

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Published	Updated	Severity
81546	Cisco Unified Communications Manager Remote Buffer Overflow (CSCus66650) (GHOST)	Nessus	CISCO	2/26/2015	4/11/2022	critical
81596	Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)	Nessus	CISCO	3/2/2015	4/8/2021	critical
81829	Amazon Linux AMI : php54 (ALAS-2015-493) (GHOST)	Nessus	Amazon Linux Local Security Checks	3/17/2015	4/18/2018	high
84489	Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)	Nessus	MacOS X Local Security Checks	7/1/2015	5/28/2024	critical
86270	Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)	Nessus	MacOS X Local Security Checks	10/5/2015	6/20/2019	critical
8982	Mac OS X < 10.11 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	10/28/2015	3/6/2019	critical
8677	PHP 5.4.x < 5.4.38 / 5.5.x < 5.5.22 / 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)	Nessus Network Monitor	Web Servers	4/9/2015	3/6/2019	critical
8801	Mac OS X < 10.10.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	10/12/2015	3/6/2019	critical
9324	Mac OS X 10.9.5 or later < 10.11.1 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	5/27/2016	3/6/2019	critical

Detections

Analytics

Plugins Search

critical

critical

high

critical

critical

critical

critical

critical

critical