Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x_server
(Apple)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 664 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-10-14 | CVE-2011-3435 | Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-09-12 | CVE-2011-3422 | The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3246 | CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | Iphone_os, Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3228 | QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3227 | libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3226 | Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3225 | The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3224 | The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3223 | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2011-10-14 | CVE-2011-3222 | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | Mac_os_x, Mac_os_x_server | N/A |