Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
Source: Apple Inc.
Max CVSS
5.3
EPSS Score
0.34%
Published
2016-03-24
Updated
2016-12-20
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Source: Apple Inc.
Max CVSS
7.5
EPSS Score
0.25%
Published
2016-03-24
Updated
2016-12-20
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.
Source: Apple Inc.
Max CVSS
5.3
EPSS Score
0.34%
Published
2016-03-24
Updated
2016-12-20
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
Source: Apple Inc.
Max CVSS
5.3
EPSS Score
0.34%
Published
2016-03-24
Updated
2016-12-20
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
Source: Apple Inc.
Max CVSS
5.0
EPSS Score
0.27%
Published
2015-10-23
Updated
2016-12-24
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
Source: MITRE
Max CVSS
7.1
EPSS Score
95.81%
Published
2015-09-05
Updated
2016-12-31
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.
Source: Apple Inc.
Max CVSS
10.0
EPSS Score
0.34%
Published
2015-09-18
Updated
2016-12-22
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
Source: MITRE
Max CVSS
7.8
EPSS Score
96.60%
Published
2015-09-05
Updated
2016-12-31
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
Source: Red Hat, Inc.
Max CVSS
4.3
EPSS Score
0.37%
Published
2015-07-20
Updated
2021-06-06
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Source: Red Hat, Inc.
Max CVSS
4.3
EPSS Score
8.49%
Published
2015-05-28
Updated
2018-01-05
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
Source: Red Hat, Inc.
Max CVSS
5.0
EPSS Score
1.73%
Published
2015-07-20
Updated
2021-06-06
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Source: Red Hat, Inc.
Max CVSS
5.0
EPSS Score
4.04%
Published
2015-03-08
Updated
2021-06-06
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
39.02%
Published
2014-09-19
Updated
2017-08-29
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
4.04%
Published
2014-09-19
Updated
2017-08-29
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
Source: Apple Inc.
Max CVSS
7.5
EPSS Score
5.18%
Published
2014-07-01
Updated
2015-12-22
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
5.30%
Published
2014-07-01
Updated
2016-12-08
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.50%
Published
2014-04-23
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
1.06%
Published
2014-02-27
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
1.06%
Published
2014-02-27
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
1.18%
Published
2014-02-27
Updated
2016-12-08
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
Source: Apple Inc.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-27
Updated
2014-02-27
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
Source: Apple Inc.
Max CVSS
6.8
EPSS Score
0.10%
Published
2014-02-27
Updated
2014-03-10
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
Source: Apple Inc.
Max CVSS
7.5
EPSS Score
0.28%
Published
2014-02-27
Updated
2014-02-27
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
Source: Red Hat, Inc.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-03-31
Updated
2017-12-16
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Source: MITRE
Max CVSS
5.0
EPSS Score
46.73%
Published
2014-04-15
Updated
2022-04-14
661 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!