Lucene search

K
AppleMac Os X Server

104 matches found

CVE
CVE
added 2014/04/15 10:55 a.m.828 views

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

5CVSS5.7AI score0.8475EPSS
CVE
CVE
added 2015/03/08 2:59 a.m.659 views

CVE-2015-0228

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

5CVSS8.8AI score0.14678EPSS
CVE
CVE
added 2015/07/20 11:59 p.m.108 views

CVE-2015-0253

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation...

5CVSS7.9AI score0.08163EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.87 views

CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5CVSS7.2AI score0.02271EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.87 views

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-b...

5CVSS7.2AI score0.00942EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.80 views

CVE-2016-1776

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.

5.3CVSS4.7AI score0.00283EPSS
CVE
CVE
added 2007/06/27 5:30 p.m.76 views

CVE-2007-1863

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or...

5CVSS6.2AI score0.34512EPSS
CVE
CVE
added 2005/01/27 5:0 a.m.66 views

CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

5CVSS9.1AI score0.10989EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.64 views

CVE-2002-1265

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

5CVSS6.2AI score0.02369EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.63 views

CVE-2005-1043

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

5CVSS6.3AI score0.01229EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.61 views

CVE-2004-0165

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

5CVSS7.2AI score0.02148EPSS
CVE
CVE
added 2002/11/04 5:0 a.m.60 views

CVE-2002-0666

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness error...

5CVSS6.7AI score0.00969EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.59 views

CVE-2011-3246

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.

5CVSS6AI score0.0086EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.57 views

CVE-2003-0804

The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.

5CVSS6.6AI score0.00739EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.57 views

CVE-2006-1552

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

5CVSS6.4AI score0.03822EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.57 views

CVE-2010-1830

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.

5CVSS8.4AI score0.00307EPSS
CVE
CVE
added 2009/12/08 5:30 p.m.56 views

CVE-2009-2843

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

5CVSS7.6AI score0.01018EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.55 views

CVE-2005-0127

Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

5CVSS6.4AI score0.00782EPSS
CVE
CVE
added 2004/07/07 4:0 a.m.54 views

CVE-2004-0430

Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than ...

5.1CVSS8.1AI score0.80742EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.54 views

CVE-2005-2502

Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.

5.1CVSS9.6AI score0.01006EPSS
CVE
CVE
added 2010/11/16 10:0 p.m.54 views

CVE-2010-3784

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.

5CVSS8.3AI score0.00408EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.53 views

CVE-2005-1341

Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.

5.1CVSS7AI score0.00845EPSS
CVE
CVE
added 2005/10/26 12:2 a.m.52 views

CVE-2005-2524

Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.

5CVSS8.5AI score0.00396EPSS
CVE
CVE
added 2006/02/22 11:2 p.m.51 views

CVE-2006-0848

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the...

5.1CVSS6.9AI score0.83055EPSS
CVE
CVE
added 2006/06/27 10:13 p.m.51 views

CVE-2006-1470

OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.

5CVSS6.1AI score0.13704EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.51 views

CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

5.4CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2011/03/23 2:0 a.m.51 views

CVE-2011-0189

The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.

5CVSS5.7AI score0.00222EPSS
CVE
CVE
added 2005/01/27 5:0 a.m.50 views

CVE-2004-0925

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

5CVSS6.7AI score0.00485EPSS
CVE
CVE
added 2006/08/03 1:4 a.m.50 views

CVE-2006-3503

Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.

5.1CVSS7.4AI score0.01052EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.50 views

CVE-2009-2831

Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."

5.8CVSS7.3AI score0.00353EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.50 views

CVE-2009-2832

Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."

5.1CVSS7.9AI score0.0184EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.49 views

CVE-2005-1331

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such...

5.1CVSS6.8AI score0.01126EPSS
CVE
CVE
added 2005/10/25 10:6 p.m.48 views

CVE-2005-2744

Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.

5.1CVSS7.5AI score0.04813EPSS
CVE
CVE
added 2006/04/21 10:2 p.m.48 views

CVE-2006-1984

Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.

5CVSS6.6AI score0.05644EPSS
CVE
CVE
added 2007/03/13 10:19 p.m.48 views

CVE-2007-0726

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were base...

5CVSS7.4AI score0.01123EPSS
CVE
CVE
added 2007/11/15 1:46 a.m.48 views

CVE-2007-4688

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

5CVSS6.8AI score0.0045EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.48 views

CVE-2010-1834

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.

5.8CVSS8.4AI score0.00288EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.47 views

CVE-2004-1832

Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660.

5CVSS7.2AI score0.00832EPSS
CVE
CVE
added 2006/03/02 7:6 p.m.47 views

CVE-2006-0383

IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".

5CVSS6.6AI score0.01157EPSS
CVE
CVE
added 2006/08/03 1:4 a.m.47 views

CVE-2006-3502

Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.

5.1CVSS7.2AI score0.00776EPSS
CVE
CVE
added 2007/08/03 10:17 a.m.47 views

CVE-2007-3744

Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.

5.8CVSS7.5AI score0.05939EPSS
CVE
CVE
added 2009/08/12 7:30 p.m.47 views

CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

5CVSS6.3AI score0.16946EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.47 views

CVE-2010-1828

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

5CVSS8.5AI score0.00975EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.47 views

CVE-2011-3225

The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account.

5CVSS7.7AI score0.00285EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.46 views

CVE-2004-0743

Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.

5CVSS6.2AI score0.00405EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.46 views

CVE-2005-2506

Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.

5CVSS9.1AI score0.00458EPSS
CVE
CVE
added 2005/12/01 2:7 a.m.46 views

CVE-2005-3702

Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.

5CVSS6.5AI score0.00638EPSS
CVE
CVE
added 2006/03/14 11:2 a.m.46 views

CVE-2006-0396

Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an att...

5.1CVSS7.4AI score0.2331EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.

5CVSS8.3AI score0.00267EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0523

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.

5CVSS8.7AI score0.00209EPSS
Total number of security vulnerabilities104