CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1774 – Apple Security Advisory 2016-03-21-7
https://notcve.org/view.php?id=CVE-2016-1774
22 Mar 2016 — The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. El servidor Time Machine en Server App en Apple OS X Server en versiones anteriores a 5.1 no notifica al usuario sobre los permisos ignorados durante la realización de una copia de seguridad, lo que facilita a a... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1776 – Apple Security Advisory 2016-03-21-7
https://notcve.org/view.php?id=CVE-2016-1776
22 Mar 2016 — Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. Web Server en Apple OS X Server en versiones anteriores a 5.1 no restringe correctamente el acceso a archivos .DS_Store y .htaccess, lo que permite a atacantes remotos obtener información de configuración sensible a través de una petición HTTP. OS X Server 5.1 is now available and addresses RC4 crypto w... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1777 – Apple Security Advisory 2018-10-30-11
https://notcve.org/view.php?id=CVE-2016-1777
22 Mar 2016 — Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Web Server en Apple OS X Server en versiones anteriores a 5.1 soporta el algoritmo RC4, lo que facilita a atacantes remotos vencer los mecanismos de protección criptográfica a través de vectores no especificados. APPLE-SA-2018-9-24-4 provides additional information for APPLE-SA-2018-9-17-1. iOS 12 is now available and address... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1787 – Apple Security Advisory 2016-03-21-7
https://notcve.org/view.php?id=CVE-2016-1787
22 Mar 2016 — Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. Wiki Server en Apple OS X Server en versiones anteriores a 5.1 permite a atacantes remotos obtener información sensible de páginas Wiki a través de vectores no especificados. OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7031 – Apple Security Advisory 2015-10-21-8
https://notcve.org/view.php?id=CVE-2015-7031
21 Oct 2015 — The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. El componente Web Service en Apple OS X Server en versiones anteriores a 5.0.15 omite una configuración de cabecera HTTP no especificada, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de vectores desconocidos. OS X Server 5.0.15 is now available and addresses BIND and ... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 24%CPEs: 18EXPL: 0CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
https://notcve.org/view.php?id=CVE-2015-3185
20 Jul 2015 — The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en s... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 8%CPEs: 5EXPL: 0CVE-2015-0253 – httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
https://notcve.org/view.php?id=CVE-2015-0253
20 Jul 2015 — The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. La función read_request_line en server/protocol.c del Servidor HTTP Apache en su versión 2.4.12 no inicializa el pro... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 0CVE-2015-0228 – httpd: Possible mod_lua crash due to websocket bug
https://notcve.org/view.php?id=CVE-2015-0228
08 Mar 2015 — The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. La función lua_websocket_read en lua_request.c en el módulo mod_lua en Apache HTTP Server hasta 2.4.12 permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) mediante el envío de un Frame WebSocket... • http://advisories.mageia.org/MGASA-2015-0099.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 19%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
15 Dec 2014 — The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflo... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0067 – Mandriva Linux Security Advisory 2014-047
https://notcve.org/view.php?id=CVE-2014-0067
21 Feb 2014 — The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. El comando "make check" para los suites de prueba en PostgreSQL 9.3.3 y anteriores no invoca debidamente initdb para especificar los requisitos de autenticación para un cluster de base de datos utilizado para las pruebas, lo que ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •