
CVE-2016-4694 – Apple Security Advisory 2016-09-20-4
https://notcve.org/view.php?id=CVE-2016-4694
20 Sep 2016 — The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-284: Improper Access Control

CVE-2016-4754 – Apple Security Advisory 2016-09-20-4
https://notcve.org/view.php?id=CVE-2016-4754
20 Sep 2016 — ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. macOS Server 5.2 is now available and addresses traffic proxying and RC4 vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html • CWE-310: Cryptographic Issues

CVE-2015-1151
https://notcve.org/view.php?id=CVE-2015-1151
28 Apr 2015 — Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html • CWE-284: Improper Access Control

CVE-2015-1150
https://notcve.org/view.php?id=CVE-2015-1150
28 Apr 2015 — The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html • CWE-17: DEPRECATED: Code

CVE-2014-4446 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4446
17 Oct 2014 — Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4447 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4447
17 Oct 2014 — Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, a... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-310: Cryptographic Issues

CVE-2014-4424 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4424
19 Sep 2014 — SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitr... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-4406 – Apple Security Advisory 2014-10-16-3
https://notcve.org/view.php?id=CVE-2014-4406
19 Sep 2014 — Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitrary javascrip... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3722 – Apple Security Advisory 2012-09-19-2
https://notcve.org/view.php?id=CVE-2012-3722
20 Sep 2012 — The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-399: Resource Management Errors

CVE-2011-3246 – Apple Security Advisory 2011-10-12-1
https://notcve.org/view.php?id=CVE-2011-3246
13 Oct 2011 — CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor