Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.34%
Published
2016-03-24
Updated
2016-12-20
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.
Max CVSS
5.3
EPSS Score
0.34%
Published
2016-03-24
Updated
2016-12-20
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
Max CVSS
5.3
EPSS Score
0.34%
Published
2016-03-24
Updated
2016-12-20
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
Max CVSS
5.0
EPSS Score
0.27%
Published
2015-10-23
Updated
2016-12-24
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
Max CVSS
5.0
EPSS Score
1.73%
Published
2015-07-20
Updated
2021-06-06
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Max CVSS
5.0
EPSS Score
4.04%
Published
2015-03-08
Updated
2021-06-06
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
Max CVSS
6.8
EPSS Score
39.02%
Published
2014-09-19
Updated
2017-08-29
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
Max CVSS
6.8
EPSS Score
4.04%
Published
2014-09-19
Updated
2017-08-29
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
Max CVSS
6.8
EPSS Score
5.30%
Published
2014-07-01
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
Max CVSS
6.8
EPSS Score
1.06%
Published
2014-02-27
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
Max CVSS
6.8
EPSS Score
1.06%
Published
2014-02-27
Updated
2016-12-08
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
Max CVSS
6.8
EPSS Score
1.18%
Published
2014-02-27
Updated
2016-12-08
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
Max CVSS
6.8
EPSS Score
0.10%
Published
2014-02-27
Updated
2014-03-10
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Max CVSS
5.0
EPSS Score
46.73%
Published
2014-04-15
Updated
2022-04-14
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
0.99%
Published
2013-06-05
Updated
2014-01-28
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
Max CVSS
6.8
EPSS Score
0.29%
Published
2013-06-05
Updated
2013-06-05
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
Max CVSS
6.8
EPSS Score
0.16%
Published
2013-03-15
Updated
2013-03-18
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
Max CVSS
6.8
EPSS Score
0.15%
Published
2013-03-15
Updated
2013-03-18
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
Max CVSS
6.4
EPSS Score
0.16%
Published
2013-03-15
Updated
2013-03-18
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Max CVSS
6.8
EPSS Score
1.48%
Published
2012-09-20
Updated
2017-08-29
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
Max CVSS
6.8
EPSS Score
0.60%
Published
2012-09-20
Updated
2017-08-29
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Max CVSS
6.5
EPSS Score
0.22%
Published
2012-10-03
Updated
2024-02-15
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
Max CVSS
6.8
EPSS Score
3.25%
Published
2012-05-11
Updated
2017-12-05
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
1.94%
Published
2012-05-11
Updated
2012-05-30
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
59.49%
Published
2012-05-11
Updated
2012-05-30
281 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!