Mac Os X Server Security Vulnerabilities and Issues — Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

8 matches found

CVE•added 2015/07/20 11:59 p.m.•1519 views

CVE-2015-3185

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions...

4.3CVSS6.6AI score0.07873EPSS

CVE•added 2015/03/08 2:59 a.m.•659 views

CVE-2015-0228

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

5CVSS8.8AI score0.14678EPSS

CVE•added 2015/09/05 2:59 a.m.•479 views

CVE-2015-5986

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

7.1CVSS8.6AI score0.47845EPSS

CVE•added 2015/09/05 2:59 a.m.•287 views

CVE-2015-5722

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

7.8CVSS7.1AI score0.50782EPSS

CVE•added 2015/05/28 2:59 p.m.•109 views

CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session...

4.3CVSS9.1AI score0.07299EPSS

CVE•added 2015/07/20 11:59 p.m.•108 views

CVE-2015-0253

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation...

5CVSS7.9AI score0.08163EPSS

CVE•added 2015/10/23 10:59 a.m.•46 views

CVE-2015-7031

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.

5CVSS6.1AI score0.00257EPSS

CVE•added 2015/09/18 12:0 p.m.•43 views

CVE-2015-5911

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.

10CVSS8.6AI score0.00391EPSS