VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2007-1863 · Jun 27, 2007
    risk 0.01 · cvss · epss 0.12

    cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)…

  • CVE-2007-2399 · Jun 25, 2007
    risk 0.01 · cvss · epss 0.07

    WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

  • CVE-2007-0746 · Apr 24, 2007
    risk 0.01 · cvss · epss 0.10

    Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".

  • CVE-2006-6061 · Nov 22, 2006
    risk 0.01 · cvss · epss 0.09

    com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states…

  • CVE-2006-3498 · Aug 2, 2006
    risk 0.01 · cvss · epss 0.07

    Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.

  • CVE-2006-1983 · Apr 21, 2006
    risk 0.01 · cvss · epss 0.08

    Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that…

  • CVE-2006-0387 · Mar 6, 2006
    risk 0.01 · cvss · epss 0.08

    Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.

  • CVE-2004-0803 · Dec 23, 2004
    risk 0.01 · cvss · epss 0.08

    Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

  • CVE-2004-1307 · Dec 21, 2004
    risk 0.01 · cvss · epss 0.06

    Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a…

  • CVE-2004-0112 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2004-0081 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2020-9995 · Apr 2, 2021
    risk 0.00 · cvss · epss 0.01

    An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting.

  • CVE-2015-7031 · Oct 23, 2015
    risk 0.00 · cvss · epss 0.02

    The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.

  • CVE-2015-5911 · Sep 18, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.

  • CVE-2015-3185 · Jul 20, 2015
    risk 0.00 · cvss · epss 0.19

    The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended…

  • CVE-2015-0253 · Jul 20, 2015
    risk 0.00 · cvss · epss 0.15

    The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a…

  • CVE-2015-1151 · Apr 28, 2015
    risk 0.00 · cvss · epss 0.02

    Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.

  • CVE-2015-1150 · Apr 28, 2015
    risk 0.00 · cvss · epss 0.02

    The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended.

  • CVE-2015-0228 · Mar 8, 2015
    risk 0.00 · cvss · epss 0.19

    The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade…

  • CVE-2014-4447 · Oct 18, 2014
    risk 0.00 · cvss · epss 0.00

    Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.
