This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Apple
Product : Mac Os X Server
Version : 10.1
Type : Os
First view : 2004-03-15
Last view : 2013-06-05
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:apple:mac_os_x_server

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.3 2013-06-05 CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

4.6 2012-09-20 CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

6.8 2012-09-20 CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8 2012-09-20 CVE-2012-3719

Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

2.1 2012-09-20 CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

7.5 2012-09-20 CVE-2012-0650

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

4.3 2012-05-10 CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

7.5 2012-05-10 CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

6.8 2012-05-10 CVE-2012-0660

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8 2012-05-10 CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8 2012-05-10 CVE-2012-0658

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

2.1 2012-05-10 CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

6.4 2012-05-10 CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.

6.8 2012-05-10 CVE-2012-0654

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

6.9 2012-05-10 CVE-2012-0649

Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

6.8 2012-02-16 CVE-2011-3026

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

5 2012-02-02 CVE-2011-3462

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.

7.5 2012-02-02 CVE-2011-3460

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.

6.8 2012-02-02 CVE-2011-3459

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.

6.8 2012-02-02 CVE-2011-3458

QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.

7.5 2012-02-02 CVE-2011-3457

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.

7.5 2012-02-02 CVE-2011-3453

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.

4.3 2012-02-02 CVE-2011-3452

Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.

6.8 2012-02-02 CVE-2011-3449

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8 2012-02-02 CVE-2011-3448

Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

CWE : Common Weakness Enumeration

% id Name
27% (27) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (14) CWE-264 Permissions, Privileges, and Access Controls
11% (11) CWE-189 Numeric Errors
8% (8) CWE-399 Resource Management Errors
7% (7) CWE-200 Information Exposure
7% (7) CWE-20 Improper Input Validation
5% (5) CWE-310 Cryptographic Issues
4% (4) CWE-287 Improper Authentication
4% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (3) CWE-134 Uncontrolled Format String
3% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (2) CWE-362 Race Condition
2% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (1) CWE-255 Credentials Management
1% (1) CWE-190 Integer Overflow or Wraparound
1% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-19 Embedding Scripts within Scripts
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-63 Simple Script Injection
CAPEC-86 Embedding Script (XSS) in HTTP Headers
CAPEC-91 XSS in IMG Tags

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
76391 Apple Safari WebKit Private Browsing Mode Cookie Block Bypass
76390 Apple Safari SSL Certificate Handling Unitialized Memory Access Remote Code E...
76389 Apple Safari file:// URL Handling Remote Code Execution
76380 Apple Mac OS X QuickTime FLIC File Handling Overflow
76379 Apple Mac OS X QuickTime FlashPix File Handling Overflow
76378 Apple Mac OS X QuickTime Movie File Atom Hierarchy Handling Remote Code Execu...
76377 Apple Mac OS X QuickTime Movie File URL Data Handlers Handling Memory Disclosure
76375 Apple Mac OS X User Documentation App Store Help Content MitM Weakness Remote...
76373 Apple Mac OS X QuickTime Save for Web Export MitM Weakness XSS
76372 Apple Mac OS X Multiple QuickTime Movie File Handling Memory Corruption
76368 Apple Mac OS X MediaKit Multiple Disk Image Handling Memory Corruption
76367 Apple Mac OS X libsecurity Nonstandard Certificate Revocation Website / Email...
76366 Apple Mac OS X Kernel Sticky Bit Directory Arbitrary File Deletion
76365 Apple Mac OS X Kernel Firewall DMA Protection Weakness Password Disclosure
76364 Apple Mac OS X IOGraphics Apple Cinema Displays Screen Lock Bypass
76363 Apple Mac OS X File Systems WebDAV Volume Handling HTTPS Server Certificate W...
76360 Apple Mac OS X CoreMedia Multiple QuickTime Movie File Handling Memory Corrup...
76359 Apple Mac OS X CFNetwork Cookie Policy Synchronization Cookie Block Bypass
76358 Apple Mac OS X ATS ATSFontDeactivate API Overflow
76357 Apple Mac OS X ATS Out-of-bounds Read Type 1 Font Handling Remote Code Execution
76355 Apple Mac OS X Application Firewall Debug Logging Binary Name Handling Format...
75446 Apple Mac OS X Keychain CA Untrusted Attribute Extended Validation Certificat...
71636 Apple Mac OS X Libinfo NFS RPC Packet Handling Remote DoS
71635 Apple Mac OS X Kernel i386_set_ldt System Call Local Privilege Escalation
71634 Apple Mac OS X HFS F_READBOOTSTRAP Ioctl Overflow Information Disclosure

ExploitDB Exploits

id Description
25974 Mac OSX Server DirectoryService Buffer Overflow
17986 Apple Safari file:// Arbitrary Code Execution
17901 Mac OS X < 10.6.7 Kernel Panic Exploit
14422 libpng <= 1.4.2 Denial of Service Vulnerability

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-08-30 Name : Fedora Update for thunderbird FEDORA-2012-1794
File : nvt/gb_fedora_2012_1794_thunderbird_fc17.nasl
2012-08-30 Name : Fedora Update for xulrunner FEDORA-2012-1800
File : nvt/gb_fedora_2012_1800_xulrunner_fc17.nasl
2012-08-30 Name : Fedora Update for libpng FEDORA-2012-1892
File : nvt/gb_fedora_2012_1892_libpng_fc17.nasl
2012-08-30 Name : Fedora Update for libpng10 FEDORA-2012-2003
File : nvt/gb_fedora_2012_2003_libpng10_fc17.nasl
2012-08-30 Name : Fedora Update for thunderbird FEDORA-2012-4910
File : nvt/gb_fedora_2012_4910_thunderbird_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-15 (libpng)
File : nvt/glsa_201206_15.nasl
2012-08-03 Name : Mandriva Update for mozilla MDVSA-2012:022 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_022_firefox.nasl
2012-08-02 Name : SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunn...
File : nvt/gb_suse_2012_0297_1.nasl
2012-08-02 Name : SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12)
File : nvt/gb_suse_2012_0316_1.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2012:0140 centos6
File : nvt/gb_CESA-2012_0140_thunderbird_centos6.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2012:0141 centos4
File : nvt/gb_CESA-2012_0141_seamonkey_centos4.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2012:0142 centos4
File : nvt/gb_CESA-2012_0142_firefox_centos4.nasl
2012-07-30 Name : CentOS Update for xulrunner CESA-2012:0143 centos5
File : nvt/gb_CESA-2012_0143_xulrunner_centos5.nasl
2012-07-30 Name : CentOS Update for xulrunner CESA-2012:0143 centos6
File : nvt/gb_CESA-2012_0143_xulrunner_centos6.nasl
2012-07-30 Name : CentOS Update for libpng10 CESA-2012:0317 centos4
File : nvt/gb_CESA-2012_0317_libpng10_centos4.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0317 centos4
File : nvt/gb_CESA-2012_0317_libpng_centos4.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0317 centos5
File : nvt/gb_CESA-2012_0317_libpng_centos5.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0317 centos6
File : nvt/gb_CESA-2012_0317_libpng_centos6.nasl
2012-07-09 Name : RedHat Update for thunderbird RHSA-2012:0140-01
File : nvt/gb_RHSA-2012_0140-01_thunderbird.nasl
2012-05-18 Name : Apple QuickTime Multiple Vulnerabilities - (Windows)
File : nvt/gb_apple_quicktime_mult_vuln_win_may12.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-04-30 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium10.nasl
2012-04-26 Name : Fedora Update for libpng FEDORA-2012-5515
File : nvt/gb_fedora_2012_5515_libpng_fc15.nasl
2012-04-26 Name : Fedora Update for libpng FEDORA-2012-5518
File : nvt/gb_fedora_2012_5518_libpng_fc16.nasl

Snort® IPS/IDS

Date Description
2021-01-12 file URI redirect attempt
RuleID : 56580 - Type : POLICY-OTHER - Revision : 1
2019-12-24 Multiple products libpng extra row heap overflow attempt
RuleID : 52307 - Type : FILE-IMAGE - Revision : 1
2019-12-24 Multiple products libpng extra row heap overflow attempt
RuleID : 52306 - Type : FILE-IMAGE - Revision : 1
2018-07-31 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 47033 - Type : FILE-MULTIMEDIA - Revision : 3
2018-07-31 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 47032 - Type : FILE-MULTIMEDIA - Revision : 3
2014-01-10 AFP FPLoginExt username buffer overflow attempt
RuleID : 2545-community - Type : SERVER-OTHER - Revision : 7
2014-01-10 AFP FPLoginExt username buffer overflow attempt
RuleID : 2545 - Type : SERVER-OTHER - Revision : 7
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25066 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25065 - Type : FILE-IMAGE - Revision : 5
2014-01-10 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 23581 - Type : FILE-MULTIMEDIA - Revision : 8
2014-01-10 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 23170 - Type : FILE-MULTIMEDIA - Revision : 11
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22109 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22108 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22107 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22106 - Type : FILE-IMAGE - Revision : 11
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22105 - Type : FILE-IMAGE - Revision : 12
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22104 - Type : FILE-IMAGE - Revision : 11
2014-01-10 file URI scheme attempt
RuleID : 16642 - Type : POLICY-OTHER - Revision : 11
2014-01-10 Apache mod_cache denial of service attempt
RuleID : 12591 - Type : SERVER-APACHE - Revision : 12

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_libpng_20130313.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-11.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-120.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-137.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-142.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_MozillaFirefox-100727.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_MozillaThunderbird-100721.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_mozilla-xulrunner191-100722.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_seamonkey-100721.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_MozillaFirefox-120217.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_MozillaThunderbird-120217.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_libpng12-120220.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_libpng14-120220.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_mozilla-js192-120217.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_seamonkey-120217.nasl - Type: ACT_GATHER_INFO
2013-09-04 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2012-49.nasl - Type: ACT_GATHER_INFO
2013-08-13 Name: The remote host is susceptible to a buffer overflow.
File: macosx_directory_srv_2013_0984.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0533.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0534.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0556.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-1595.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0534.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0546.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0547.nasl - Type: ACT_GATHER_INFO