Mac Os X Server Security Vulnerabilities and Issues — Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

13 matches found

CVE•added 2014/04/15 10:55 a.m.•828 views

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

5CVSS5.7AI score0.8475EPSS

CVE•added 2014/03/31 2:58 p.m.•170 views

CVE-2014-0067

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

4.6CVSS9AI score0.00118EPSS

CVE•added 2014/02/27 1:55 a.m.•58 views

CVE-2014-1268

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2014/02/27 1:55 a.m.•57 views

CVE-2014-1270

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2014/02/27 1:55 a.m.•54 views

CVE-2014-1269

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2014/04/23 11:52 a.m.•51 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connect...

4.3CVSS5.9AI score0.00207EPSS

CVE•added 2014/02/27 1:55 a.m.•47 views

CVE-2014-1259

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

6.8CVSS7.7AI score0.00697EPSS

CVE•added 2014/07/01 10:17 a.m.•46 views

CVE-2014-1370

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.

6.8CVSS7.8AI score0.01847EPSS

CVE•added 2014/09/19 10:55 a.m.•44 views

CVE-2014-4350

Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.

6.8CVSS7.7AI score0.10417EPSS

CVE•added 2014/02/27 1:55 a.m.•43 views

CVE-2014-1256

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

7.5CVSS6.3AI score0.00378EPSS

CVE•added 2014/02/27 1:55 a.m.•42 views

CVE-2014-1265

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

4.6CVSS5.8AI score0.00054EPSS

CVE•added 2014/07/01 10:17 a.m.•42 views

CVE-2014-1371

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

7.5CVSS7.6AI score0.00788EPSS

CVE•added 2014/09/19 10:55 a.m.•41 views

CVE-2014-1391

QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

6.8CVSS7.7AI score0.05493EPSS