Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X Server
Subscriptions
Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0253 | 4 Apache, Apple, Oracle and 1 more | 6 Http Server, Mac Os X, Mac Os X Server and 3 more | 2025-04-12 | N/A |
| The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. | ||||
| CVE-2014-1256 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-12 | N/A |
| Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | ||||
| CVE-2015-5722 | 3 Apple, Isc, Redhat | 5 Mac Os X Server, Bind, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. | ||||
| CVE-2013-5704 | 5 Apache, Apple, Canonical and 2 more | 17 Http Server, Mac Os X, Mac Os X Server and 14 more | 2025-04-12 | N/A |
| The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | ||||
| CVE-2016-1787 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | N/A |
| Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | ||||
| CVE-2016-1777 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | N/A |
| Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | ||||
| CVE-2015-5986 | 2 Apple, Isc | 2 Mac Os X Server, Bind | 2025-04-12 | N/A |
| openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. | ||||
| CVE-2010-0540 | 2 Apple, Redhat | 3 Mac Os X, Mac Os X Server, Enterprise Linux | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. | ||||
| CVE-2010-1786 | 3 Apple, Microsoft, Redhat | 8 Mac Os X, Mac Os X Server, Safari and 5 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. | ||||
| CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. | ||||
| CVE-2010-1785 | 3 Apple, Microsoft, Redhat | 8 Mac Os X, Mac Os X Server, Safari and 5 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | ||||
| CVE-2010-0522 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. | ||||
| CVE-2010-0534 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | ||||
| CVE-2010-0512 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. | ||||
| CVE-2010-1412 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. | ||||
| CVE-2010-0513 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. | ||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | ||||
| CVE-2010-0503 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2010-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. | ||||
| CVE-2010-1119 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Mac Os X Server and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | ||||