Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-1863 | 0.01 | — | 0.12 | Jun 27, 2007 | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)… | |||
| CVE-2007-2399 | 0.01 | — | 0.07 | Jun 25, 2007 | WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | |||
| CVE-2007-0746 | 0.01 | — | 0.10 | Apr 24, 2007 | Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | |||
| CVE-2006-6061 | 0.01 | — | 0.09 | Nov 22, 2006 | com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states… | |||
| CVE-2006-3498 | 0.01 | — | 0.07 | Aug 2, 2006 | Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request. | |||
| CVE-2006-1983 | 0.01 | — | 0.08 | Apr 21, 2006 | Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that… | |||
| CVE-2006-0387 | 0.01 | — | 0.08 | Mar 6, 2006 | Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504. | |||
| CVE-2004-0803 | 0.01 | — | 0.08 | Dec 23, 2004 | Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | |||
| CVE-2004-1307 | 0.01 | — | 0.06 | Dec 21, 2004 | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a… | |||
| CVE-2004-0112 | 0.01 | — | 0.10 | Nov 23, 2004 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake… | |||
| CVE-2004-0081 | 0.01 | — | 0.07 | Nov 23, 2004 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||
| CVE-2020-9995 | 0.00 | — | 0.01 | Apr 2, 2021 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | |||
| CVE-2015-7031 | 0.00 | — | 0.02 | Oct 23, 2015 | The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||
| CVE-2015-5911 | 0.00 | — | 0.02 | Sep 18, 2015 | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. | |||
| CVE-2015-3185 | 0.00 | — | 0.19 | Jul 20, 2015 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended… | |||
| CVE-2015-0253 | 0.00 | — | 0.15 | Jul 20, 2015 | The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a… | |||
| CVE-2015-1151 | 0.00 | — | 0.02 | Apr 28, 2015 | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||
| CVE-2015-1150 | 0.00 | — | 0.02 | Apr 28, 2015 | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. | |||
| CVE-2015-0228 | 0.00 | — | 0.19 | Mar 8, 2015 | The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade… | |||
| CVE-2014-4447 | 0.00 | — | 0.00 | Oct 18, 2014 | Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. |
- CVE-2007-1863Jun 27, 2007risk 0.01cvss —epss 0.12
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)…
- CVE-2007-2399Jun 25, 2007risk 0.01cvss —epss 0.07
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
- CVE-2007-0746Apr 24, 2007risk 0.01cvss —epss 0.10
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
- CVE-2006-6061Nov 22, 2006risk 0.01cvss —epss 0.09
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states…
- CVE-2006-3498Aug 2, 2006risk 0.01cvss —epss 0.07
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
- CVE-2006-1983Apr 21, 2006risk 0.01cvss —epss 0.08
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that…
- CVE-2006-0387Mar 6, 2006risk 0.01cvss —epss 0.08
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
- CVE-2004-0803Dec 23, 2004risk 0.01cvss —epss 0.08
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
- CVE-2004-1307Dec 21, 2004risk 0.01cvss —epss 0.06
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a…
- CVE-2004-0112Nov 23, 2004risk 0.01cvss —epss 0.10
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…
- CVE-2004-0081Nov 23, 2004risk 0.01cvss —epss 0.07
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
- CVE-2020-9995Apr 2, 2021risk 0.00cvss —epss 0.01
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting.
- CVE-2015-7031Oct 23, 2015risk 0.00cvss —epss 0.02
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
- CVE-2015-5911Sep 18, 2015risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.
- CVE-2015-3185Jul 20, 2015risk 0.00cvss —epss 0.19
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended…
- CVE-2015-0253Jul 20, 2015risk 0.00cvss —epss 0.15
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a…
- CVE-2015-1151Apr 28, 2015risk 0.00cvss —epss 0.02
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.
- CVE-2015-1150Apr 28, 2015risk 0.00cvss —epss 0.02
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended.
- CVE-2015-0228Mar 8, 2015risk 0.00cvss —epss 0.19
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade…
- CVE-2014-4447Oct 18, 2014risk 0.00cvss —epss 0.00
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.
Page 6 of 34