Apple Mac_os_x_server
360 CVEs affecting Apple Mac_os_x_server. Latest disclosed: 2017-04-13. Critical: 4, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2010-1378 | Critical | 9.8 | 2010-11-15 | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication v… |
| CVE-2010-2941 | Critical | 9.8 | 2010-11-05 | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers t… |
| CVE-2010-0211 | Critical | 9.8 | 2010-07-28 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attac… |
| CVE-2010-1205 | Critical | 9.8 | 2010-06-30 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbi… |
| CVE-2010-1821 | High | 7.8 | 2017-04-13 | Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. |
| CVE-2010-1816 | High | 7.8 | 2017-04-13 | Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or c… |
| CVE-2016-1777 | High | 7.5 | 2016-03-24 | Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms… |
| CVE-2011-1755 | High | 7.5 | 2011-06-21 | jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU c… |
| CVE-2010-0302 | High | 7.5 | 2010-03-05 | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd i… |
| CVE-2012-3489 | Medium | 6.5 | 2012-10-03 | The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before… |
| CVE-2010-1637 | Medium | 6.5 | 2010-06-22 | The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to s… |
| CVE-2011-0199 | Medium | 5.9 | 2011-06-24 | The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP U… |
| CVE-2016-1787 | Medium | 5.3 | 2016-03-24 | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. |
| CVE-2016-1776 | Medium | 5.3 | 2016-03-24 | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitiv… |
| CVE-2016-1774 | Medium | 5.3 | 2016-03-24 | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier… |
| CVE-2015-7031 | | | 2015-10-23 | The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended a… |
| CVE-2015-5911 | | | 2015-09-18 | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. |
| CVE-2015-5986 | | | 2015-09-05 | openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion… |
| CVE-2015-5722 | | | 2015-09-05 | buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemo… |
| CVE-2015-3185 | | | 2015-07-20 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associat… |