OS X Server
by Apple Inc.
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1777 | | High | 0.49 | 7.5 | 0.02 | | Mar 24, 2016 | Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. |
| CVE-2014-4406 | | Medium | 0.40 | 6.1 | 0.01 | | Sep 19, 2014 | Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-1787 | | Medium | 0.35 | 5.3 | 0.02 | | Mar 24, 2016 | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. |
| CVE-2016-1776 | | Medium | 0.35 | 5.3 | 0.02 | | Mar 24, 2016 | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. |
| CVE-2016-1774 | | Medium | 0.35 | 5.3 | 0.02 | | Mar 24, 2016 | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks… |
| CVE-2015-7031 | | | 0.00 | — | 0.02 | | Oct 23, 2015 | The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. |
| CVE-2015-5911 | | | 0.00 | — | 0.02 | | Sep 18, 2015 | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. |
| CVE-2015-1151 | | | 0.00 | — | 0.02 | | Apr 28, 2015 | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. |
| CVE-2015-1150 | | | 0.00 | — | 0.02 | | Apr 28, 2015 | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. |
| CVE-2014-4447 | | | 0.00 | — | 0.00 | | Oct 18, 2014 | Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. |
| CVE-2014-4446 | | | 0.00 | — | 0.01 | | Oct 18, 2014 | Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. |
| CVE-2014-4424 | | | 0.00 | — | 0.02 | | Sep 19, 2014 | SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5143 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback… |