VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2014-4446 (Oct 18, 2014)
    risk 0.00 | cvss | epss 0.01

    Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator.

  • CVE-2014-4424 (Sep 19, 2014)
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-4350 (Sep 19, 2014)
    risk 0.00 | cvss | epss 0.04

    Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.

  • CVE-2014-1391 (Sep 19, 2014)
    risk 0.00 | cvss | epss 0.04

    QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

  • CVE-2014-1371 (Jul 1, 2014)
    risk 0.00 | cvss | epss 0.02

    Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

  • CVE-2014-1370 (Jul 1, 2014)
    risk 0.00 | cvss | epss 0.02

    The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.

  • CVE-2014-1296 (Apr 23, 2014)
    risk 0.00 | cvss | epss 0.02

    CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the…

  • CVE-2014-0067 (Mar 31, 2014)
    risk 0.00 | cvss | epss 0.00

    The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this…

  • CVE-2014-1270 (Feb 27, 2014)
    risk 0.00 | cvss | epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.

  • CVE-2014-1269 (Feb 27, 2014)
    risk 0.00 | cvss | epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.

  • CVE-2014-1268 (Feb 27, 2014)
    risk 0.00 | cvss | epss 0.02

    WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

  • CVE-2014-1265 (Feb 27, 2014)
    risk 0.00 | cvss | epss 0.00

    The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

  • CVE-2014-1259 (Feb 27, 2014)
    risk 0.00 | cvss | epss 0.02

    Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

  • CVE-2014-1256 (Feb 27, 2014)
    risk 0.00 | cvss | epss 0.01

    Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

  • CVE-2013-5143 (Oct 24, 2013)
    risk 0.00 | cvss | epss 0.01

    The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback…

  • CVE-2013-1034 (Sep 19, 2013)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-1024 (Jun 5, 2013)
    risk 0.00 | cvss | epss 0.03

    CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

  • CVE-2013-0990 (Jun 5, 2013)
    risk 0.00 | cvss | epss 0.01

    SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

  • CVE-2013-0982 (Jun 5, 2013)
    risk 0.00 | cvss | epss 0.00

    The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

  • CVE-2013-0975 (Jun 5, 2013)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Page 7 of 34