
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Mar 2016 — The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-284: Improper Access Control

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Mar 2016 — Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. OS X Server 5.1 is now available and addresses RC4 crypto w... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Mar 2016 — Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. APPLE-SA-2018-9-24-4 provides additional information for APPLE-SA-2018-9-17-1. iOS 12 is now available and address... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-310: Cryptographic Issues

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Mar 2016 — Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2015 — The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. OS X Server 5.0.15 is now available and addresses BIND and ... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Sep 2015 — Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

CVSS: 7.5 • EPSS: 15% • CPEs: 44 • EXPL: 0

22 May 2015 — Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html • CWE-416: Use After Free

CVSS: 7.5 • EPSS: 25% • CPEs: 76 • EXPL: 1

15 Apr 2014 — The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 4% • CPEs: 126 • EXPL: 2

05 Jun 2013 — Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Core Security Technologies Advisory - A memory corruption vulnerability was found in Mac OSX Directory Service. By sending a maliciously crafted... • https://packetstorm.news/files/id/121887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 • EPSS: 0% • CPEs: 87 • EXPL: 0

15 Mar 2013 — WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html