Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x_server
(Apple)Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 664 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2008-09-26 | CVE-2008-3637 | The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | Mac_os_x, Mac_os_x_server | 8.8 | ||
2012-10-03 | CVE-2012-3489 | The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. | Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Postgresql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
2009-05-13 | CVE-2009-0152 | iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | Mac_os_x, Mac_os_x_server | 7.5 | ||
2010-11-15 | CVE-2010-1378 | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | Mac_os_x, Mac_os_x_server | 9.8 | ||
2009-07-10 | CVE-2009-2422 | The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | Mac_os_x, Mac_os_x_server, Ruby_on_rails | 9.8 | ||
2007-02-16 | CVE-2007-0897 | Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | Mac_os_x_server, Clamav, Debian_linux | 7.5 | ||
2008-03-19 | CVE-2008-0063 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Fedora, Kerberos_5, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 7.5 | ||
2009-06-09 | CVE-2009-0949 | The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Linux_enterprise | 7.5 | ||
2011-06-24 | CVE-2011-0199 | The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | Mac_os_x, Mac_os_x_server | 5.9 | ||
2003-08-27 | CVE-2003-0466 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | Mac_os_x, Mac_os_x_server, Freebsd, Netbsd, Openbsd, Wu_ftpd, Solaris, Wu\-Ftpd | 9.8 |