Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x_server
(Apple)Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 664 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2009-05-13 | CVE-2009-0152 | iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | Mac_os_x, Mac_os_x_server | 7.5 | ||
2010-11-15 | CVE-2010-1378 | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | Mac_os_x, Mac_os_x_server | 9.8 | ||
2009-07-10 | CVE-2009-2422 | The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | Mac_os_x, Mac_os_x_server, Ruby_on_rails | 9.8 | ||
2007-02-16 | CVE-2007-0897 | Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | Mac_os_x_server, Clamav, Debian_linux | 7.5 | ||
2008-03-19 | CVE-2008-0063 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Fedora, Kerberos_5, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 7.5 | ||
2009-06-09 | CVE-2009-0949 | The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Linux_enterprise | 7.5 | ||
2011-06-24 | CVE-2011-0199 | The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | Mac_os_x, Mac_os_x_server | 5.9 | ||
2003-08-27 | CVE-2003-0466 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | Mac_os_x, Mac_os_x_server, Freebsd, Netbsd, Openbsd, Wu_ftpd, Solaris, Wu\-Ftpd | 9.8 | ||
2010-06-22 | CVE-2010-1637 | The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | Mac_os_x, Mac_os_x_server, Fedora, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Squirrelmail | 6.5 | ||
2004-12-03 | CVE-2004-1083 | Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. | Darwin_streaming_server, Mac_os_x, Mac_os_x_server, Quicktime_streaming_server | 7.5 |