Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2004-03-15 |
| Product | Mac Os X Server | Last view | 2013-06-05 |
| Version | 10.1 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:mac_os_x_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2013-06-05 | CVE-2013-0984 | Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. |
| 4.6 | 2012-09-20 | CVE-2012-3723 | Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. |
| 6.8 | 2012-09-20 | CVE-2012-3722 | The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
| 6.8 | 2012-09-20 | CVE-2012-3719 | Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. |
| 2.1 | 2012-09-20 | CVE-2012-3718 | Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
| 7.5 | 2012-09-20 | CVE-2012-0650 | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| 4.3 | 2012-05-10 | CVE-2012-0675 | Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. |
| 7.5 | 2012-05-10 | CVE-2012-0662 | Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. |
| 6.8 | 2012-05-10 | CVE-2012-0660 | Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
| 6.8 | 2012-05-10 | CVE-2012-0659 | Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
| 6.8 | 2012-05-10 | CVE-2012-0658 | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. |
| 2.1 | 2012-05-10 | CVE-2012-0657 | Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
| 6.4 | 2012-05-10 | CVE-2012-0655 | libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. |
| 6.8 | 2012-05-10 | CVE-2012-0654 | libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. |
| 6.9 | 2012-05-10 | CVE-2012-0649 | Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. |
| 6.8 | 2012-02-16 | CVE-2011-3026 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. |
| 5 | 2012-02-02 | CVE-2011-3462 | Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. |
| 7.5 | 2012-02-02 | CVE-2011-3460 | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. |
| 6.8 | 2012-02-02 | CVE-2011-3459 | Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow. |
| 6.8 | 2012-02-02 | CVE-2011-3458 | QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file. |
| 7.5 | 2012-02-02 | CVE-2011-3457 | The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program. |
| 7.5 | 2012-02-02 | CVE-2011-3453 | Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data. |
| 4.3 | 2012-02-02 | CVE-2011-3452 | Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. |
| 6.8 | 2012-02-02 | CVE-2011-3449 | Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. |
| 6.8 | 2012-02-02 | CVE-2011-3448 | Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 27% (27) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (14) | CWE-264 | Permissions, Privileges, and Access Controls |
| 11% (11) | CWE-189 | Numeric Errors |
| 8% (8) | CWE-399 | Resource Management Errors |
| 7% (7) | CWE-200 | Information Exposure |
| 7% (7) | CWE-20 | Improper Input Validation |
| 5% (5) | CWE-310 | Cryptographic Issues |
| 4% (4) | CWE-287 | Improper Authentication |
| 4% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 3% (3) | CWE-134 | Uncontrolled Format String |
| 3% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (2) | CWE-362 | Race Condition |
| 2% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (1) | CWE-255 | Credentials Management |
| 1% (1) | CWE-190 | Integer Overflow or Wraparound |
| 1% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-19 | Embedding Scripts within Scripts |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-63 | Simple Script Injection |
| CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
| CAPEC-91 | XSS in IMG Tags |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76391 | Apple Safari WebKit Private Browsing Mode Cookie Block Bypass |
| 76390 | Apple Safari SSL Certificate Handling Unitialized Memory Access Remote Code E... |
| 76389 | Apple Safari file:// URL Handling Remote Code Execution |
| 76380 | Apple Mac OS X QuickTime FLIC File Handling Overflow |
| 76379 | Apple Mac OS X QuickTime FlashPix File Handling Overflow |
| 76378 | Apple Mac OS X QuickTime Movie File Atom Hierarchy Handling Remote Code Execu... |
| 76377 | Apple Mac OS X QuickTime Movie File URL Data Handlers Handling Memory Disclosure |
| 76375 | Apple Mac OS X User Documentation App Store Help Content MitM Weakness Remote... |
| 76373 | Apple Mac OS X QuickTime Save for Web Export MitM Weakness XSS |
| 76372 | Apple Mac OS X Multiple QuickTime Movie File Handling Memory Corruption |
| 76368 | Apple Mac OS X MediaKit Multiple Disk Image Handling Memory Corruption |
| 76367 | Apple Mac OS X libsecurity Nonstandard Certificate Revocation Website / Email... |
| 76366 | Apple Mac OS X Kernel Sticky Bit Directory Arbitrary File Deletion |
| 76365 | Apple Mac OS X Kernel Firewall DMA Protection Weakness Password Disclosure |
| 76364 | Apple Mac OS X IOGraphics Apple Cinema Displays Screen Lock Bypass |
| 76363 | Apple Mac OS X File Systems WebDAV Volume Handling HTTPS Server Certificate W... |
| 76360 | Apple Mac OS X CoreMedia Multiple QuickTime Movie File Handling Memory Corrup... |
| 76359 | Apple Mac OS X CFNetwork Cookie Policy Synchronization Cookie Block Bypass |
| 76358 | Apple Mac OS X ATS ATSFontDeactivate API Overflow |
| 76357 | Apple Mac OS X ATS Out-of-bounds Read Type 1 Font Handling Remote Code Execution |
| 76355 | Apple Mac OS X Application Firewall Debug Logging Binary Name Handling Format... |
| 75446 | Apple Mac OS X Keychain CA Untrusted Attribute Extended Validation Certificat... |
| 71636 | Apple Mac OS X Libinfo NFS RPC Packet Handling Remote DoS |
| 71635 | Apple Mac OS X Kernel i386_set_ldt System Call Local Privilege Escalation |
| 71634 | Apple Mac OS X HFS F_READBOOTSTRAP Ioctl Overflow Information Disclosure |
ExploitDB Exploits
| id | Description |
|---|---|
| 25974 | Mac OSX Server DirectoryService Buffer Overflow |
| 17986 | Apple Safari file:// Arbitrary Code Execution |
| 17901 | Mac OS X < 10.6.7 Kernel Panic Exploit |
| 14422 | libpng <= 1.4.2 Denial of Service Vulnerability |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
| 2012-08-30 | Name : Fedora Update for thunderbird FEDORA-2012-1794 File : nvt/gb_fedora_2012_1794_thunderbird_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for xulrunner FEDORA-2012-1800 File : nvt/gb_fedora_2012_1800_xulrunner_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for libpng FEDORA-2012-1892 File : nvt/gb_fedora_2012_1892_libpng_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for libpng10 FEDORA-2012-2003 File : nvt/gb_fedora_2012_2003_libpng10_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for thunderbird FEDORA-2012-4910 File : nvt/gb_fedora_2012_4910_thunderbird_fc17.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-15 (libpng) File : nvt/glsa_201206_15.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:022 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_022_firefox.nasl |
| 2012-08-02 | Name : SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunn... File : nvt/gb_suse_2012_0297_1.nasl |
| 2012-08-02 | Name : SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12) File : nvt/gb_suse_2012_0316_1.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0140 centos6 File : nvt/gb_CESA-2012_0140_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2012:0141 centos4 File : nvt/gb_CESA-2012_0141_seamonkey_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0142 centos4 File : nvt/gb_CESA-2012_0142_firefox_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for xulrunner CESA-2012:0143 centos5 File : nvt/gb_CESA-2012_0143_xulrunner_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for xulrunner CESA-2012:0143 centos6 File : nvt/gb_CESA-2012_0143_xulrunner_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for libpng10 CESA-2012:0317 centos4 File : nvt/gb_CESA-2012_0317_libpng10_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libpng CESA-2012:0317 centos4 File : nvt/gb_CESA-2012_0317_libpng_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libpng CESA-2012:0317 centos5 File : nvt/gb_CESA-2012_0317_libpng_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for libpng CESA-2012:0317 centos6 File : nvt/gb_CESA-2012_0317_libpng_centos6.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0140-01 File : nvt/gb_RHSA-2012_0140-01_thunderbird.nasl |
| 2012-05-18 | Name : Apple QuickTime Multiple Vulnerabilities - (Windows) File : nvt/gb_apple_quicktime_mult_vuln_win_may12.nasl |
| 2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
| 2012-04-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium10.nasl |
| 2012-04-26 | Name : Fedora Update for libpng FEDORA-2012-5515 File : nvt/gb_fedora_2012_5515_libpng_fc15.nasl |
| 2012-04-26 | Name : Fedora Update for libpng FEDORA-2012-5518 File : nvt/gb_fedora_2012_5518_libpng_fc16.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2021-01-12 | file URI redirect attempt RuleID : 56580 - Type : POLICY-OTHER - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52307 - Type : FILE-IMAGE - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52306 - Type : FILE-IMAGE - Revision : 1 |
| 2018-07-31 | Apple QuickTime MPEG stream padding buffer overflow attempt RuleID : 47033 - Type : FILE-MULTIMEDIA - Revision : 3 |
| 2018-07-31 | Apple QuickTime MPEG stream padding buffer overflow attempt RuleID : 47032 - Type : FILE-MULTIMEDIA - Revision : 3 |
| 2014-01-10 | AFP FPLoginExt username buffer overflow attempt RuleID : 2545-community - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | AFP FPLoginExt username buffer overflow attempt RuleID : 2545 - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 25066 - Type : FILE-IMAGE - Revision : 4 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 25065 - Type : FILE-IMAGE - Revision : 5 |
| 2014-01-10 | Apple QuickTime MPEG stream padding buffer overflow attempt RuleID : 23581 - Type : FILE-MULTIMEDIA - Revision : 8 |
| 2014-01-10 | Apple QuickTime MPEG stream padding buffer overflow attempt RuleID : 23170 - Type : FILE-MULTIMEDIA - Revision : 11 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22109 - Type : FILE-IMAGE - Revision : 10 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22108 - Type : FILE-IMAGE - Revision : 10 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22107 - Type : FILE-IMAGE - Revision : 10 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22106 - Type : FILE-IMAGE - Revision : 11 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22105 - Type : FILE-IMAGE - Revision : 12 |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22104 - Type : FILE-IMAGE - Revision : 11 |
| 2014-01-10 | file URI scheme attempt RuleID : 16642 - Type : POLICY-OTHER - Revision : 11 |
| 2014-01-10 | Apache mod_cache denial of service attempt RuleID : 12591 - Type : SERVER-APACHE - Revision : 12 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_libpng_20130313.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-11.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-120.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-137.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-142.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_MozillaFirefox-100727.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_MozillaThunderbird-100721.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_mozilla-xulrunner191-100722.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_seamonkey-100721.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_MozillaFirefox-120217.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_MozillaThunderbird-120217.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_libpng12-120220.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_libpng14-120220.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_mozilla-js192-120217.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_seamonkey-120217.nasl - Type: ACT_GATHER_INFO |
| 2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-49.nasl - Type: ACT_GATHER_INFO |
| 2013-08-13 | Name: The remote host is susceptible to a buffer overflow. File: macosx_directory_srv_2013_0984.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0533.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0534.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0556.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1595.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0534.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0546.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0547.nasl - Type: ACT_GATHER_INFO |
