Apple Mac OS X Server vulnerabilities

654 known vulnerabilities affecting apple/mac_os_x_server.

Total CVEs: 654
CISA KEV: 0
Public exploits: 49
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59

Vulnerabilities

Page 1 of 33
CVE-2010-1821 | HIGH | CVSS 7.8 | v10.6.0, v10.6.1, +2 more | 2017-04-13
CWE-20: Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.
nvd
CVE-2010-1816 | HIGH | CVSS 7.8 | v10.6.0, v10.6.1, +2 more | 2017-04-13
CWE-119: Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.
nvd
CVE-2016-1777 | HIGH | CVSS 7.5 | ≤ 5.0.15 | 2016-03-24
CWE-310: Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
nvd
CVE-2016-1776 | MEDIUM | CVSS 5.3 | ≤ 5.0.15 | 2016-03-24
CWE-284: Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.
nvd
CVE-2016-1787 | MEDIUM | CVSS 5.3 | ≤ 5.0.15 | 2016-03-24
CWE-200: Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
nvd
CVE-2016-1774 | MEDIUM | CVSS 5.3 | ≤ 5.0.15 | 2016-03-24
CWE-284: The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
nvd
CVE-2015-7031 | MEDIUM | CVSS 5.0 | ≤ 5.0.14 | 2015-10-23
CWE-264: The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
nvd
CVE-2015-5911 | CRITICAL | CVSS 10.0 | ≤ 5.0.2 | 2015-09-18
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.
nvd
CVE-2015-5722 | HIGH | CVSS 7.8 | v5.0.15 | 2015-09-05
CWE-20: buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
nvd
CVE-2015-5986 | HIGH | CVSS 7.1 | v5.0.15 | 2015-09-05
CWE-20: openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
nvd
CVE-2015-0253 | MEDIUM | CVSS 5.0 | v5.0.3 | 2015-07-20
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400
nvd
CVE-2015-3185 | MEDIUM | CVSS 4.3 | v5.0.3 | 2015-07-20
CWE-264: The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the pres
nvd
CVE-2015-3165 | MEDIUM | CVSS 4.3 | v5.0.2 | 2015-05-28
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
nvd
CVE-2015-0228 | MEDIUM | CVSS 5.0 | v5.0.3 | 2015-03-08
CWE-20: The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
nvd
CVE-2014-4350 | MEDIUM | CVSS 6.8 | v10.7.5 | 2014-09-19
CWE-119: Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
nvd
CVE-2014-1391 | MEDIUM | CVSS 6.8 | v10.7.5 | 2014-09-19
CWE-119: QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
nvd
CVE-2014-1371 | HIGH | CVSS 7.5 | v10.7.0, v10.7.1, +4 more | 2014-07-01
CWE-119: Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
nvd
CVE-2014-1370 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1, +4 more | 2014-07-01
CWE-119: The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
nvd
CVE-2014-1296 | MEDIUM | CVSS 4.3 | v10.7.0, v10.7.1, +4 more | 2014-04-23
CWE-264: CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated b
nvd
CVE-2013-5704 | MEDIUM | CVSS 5.0 | fixed in 5.0.3 | 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
nvd