This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Apple
Product: Mac Os X Server
Version: 5.0.15
Type: Os
First view: 2004-07-07
Last view: 2016-03-23
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:o:apple:mac_os_x_server

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5.3 2016-03-23 CVE-2016-1787

Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.

7.5 2016-03-23 CVE-2016-1777

Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

5.3 2016-03-23 CVE-2016-1776

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.

5.3 2016-03-23 CVE-2016-1774

The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.

7.1 2015-09-04 CVE-2015-5986

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

7.8 2015-09-04 CVE-2015-5722

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

9.3 2013-06-05 CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

4.6 2012-09-20 CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

6.8 2012-09-20 CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8 2012-09-20 CVE-2012-3719

Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

2.1 2012-09-20 CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

7.5 2012-09-20 CVE-2012-0650

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

4.3 2012-05-10 CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

7.5 2012-05-10 CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

6.8 2012-05-10 CVE-2012-0660

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8 2012-05-10 CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8 2012-05-10 CVE-2012-0658

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

2.1 2012-05-10 CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

6.4 2012-05-10 CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.

6.8 2012-05-10 CVE-2012-0654

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

6.9 2012-05-10 CVE-2012-0649

Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

6.8 2012-02-16 CVE-2011-3026

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

5 2012-02-02 CVE-2011-3462

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.

7.5 2012-02-02 CVE-2011-3460

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.

6.8 2012-02-02 CVE-2011-3459

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.

CWE : Common Weakness Enumeration

% id Name
25% (27) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (13) CWE-264 Permissions, Privileges, and Access Controls
10% (11) CWE-189 Numeric Errors
8% (9) CWE-20 Improper Input Validation
7% (8) CWE-399 Resource Management Errors
7% (8) CWE-200 Information Exposure
5% (6) CWE-310 Cryptographic Issues
3% (4) CWE-287 Improper Authentication
3% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (3) CWE-134 Uncontrolled Format String
2% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (2) CWE-362 Race Condition
1% (2) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (1) CWE-255 Credentials Management
0% (1) CWE-190 Integer Overflow or Wraparound

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
76391 Apple Safari WebKit Private Browsing Mode Cookie Block Bypass
76390 Apple Safari SSL Certificate Handling Uninitialized Memory Access Remote Code E...
76389 Apple Safari file:// URL Handling Remote Code Execution
76380 Apple Mac OS X QuickTime FLIC File Handling Overflow
76379 Apple Mac OS X QuickTime FlashPix File Handling Overflow
76378 Apple Mac OS X QuickTime Movie File Atom Hierarchy Handling Remote Code Execu...
76377 Apple Mac OS X QuickTime Movie File URL Data Handlers Handling Memory Disclosure
76375 Apple Mac OS X User Documentation App Store Help Content MitM Weakness Remote...
76373 Apple Mac OS X QuickTime Save for Web Export MitM Weakness XSS
76372 Apple Mac OS X Multiple QuickTime Movie File Handling Memory Corruption
76368 Apple Mac OS X MediaKit Multiple Disk Image Handling Memory Corruption
76367 Apple Mac OS X libsecurity Nonstandard Certificate Revocation Website / Email...
76366 Apple Mac OS X Kernel Sticky Bit Directory Arbitrary File Deletion
76365 Apple Mac OS X Kernel Firewall DMA Protection Weakness Password Disclosure
76364 Apple Mac OS X IOGraphics Apple Cinema Displays Screen Lock Bypass
76363 Apple Mac OS X File Systems WebDAV Volume Handling HTTPS Server Certificate W...
76360 Apple Mac OS X CoreMedia Multiple QuickTime Movie File Handling Memory Corrup...
76359 Apple Mac OS X CFNetwork Cookie Policy Synchronization Cookie Block Bypass
76358 Apple Mac OS X ATS ATSFontDeactivate API Overflow
76357 Apple Mac OS X ATS Out-of-bounds Read Type 1 Font Handling Remote Code Execution
76355 Apple Mac OS X Application Firewall Debug Logging Binary Name Handling Format...
75446 Apple Mac OS X Keychain CA Untrusted Attribute Extended Validation Certificat...
71636 Apple Mac OS X Libinfo NFS RPC Packet Handling Remote DoS
71635 Apple Mac OS X Kernel i386_set_ldt System Call Local Privilege Escalation
71634 Apple Mac OS X HFS F_READBOOTSTRAP Ioctl Overflow Information Disclosure

ExploitDB Exploits

id Description
25974 Mac OSX Server DirectoryService Buffer Overflow
17986 Apple Safari file:// Arbitrary Code Execution
17901 Mac OS X < 10.6.7 Kernel Panic Exploit

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-08-30 Name : Fedora Update for libpng FEDORA-2012-1892
File : nvt/gb_fedora_2012_1892_libpng_fc17.nasl
2012-08-30 Name : Fedora Update for libpng10 FEDORA-2012-2003
File : nvt/gb_fedora_2012_2003_libpng10_fc17.nasl
2012-08-30 Name : Fedora Update for xulrunner FEDORA-2012-1800
File : nvt/gb_fedora_2012_1800_xulrunner_fc17.nasl
2012-08-30 Name : Fedora Update for thunderbird FEDORA-2012-1794
File : nvt/gb_fedora_2012_1794_thunderbird_fc17.nasl
2012-08-30 Name : Fedora Update for thunderbird FEDORA-2012-4910
File : nvt/gb_fedora_2012_4910_thunderbird_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-15 (libpng)
File : nvt/glsa_201206_15.nasl
2012-08-03 Name : Mandriva Update for mozilla MDVSA-2012:022 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_022_firefox.nasl
2012-08-02 Name : SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunn...
File : nvt/gb_suse_2012_0297_1.nasl
2012-08-02 Name : SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12)
File : nvt/gb_suse_2012_0316_1.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2012:0140 centos6
File : nvt/gb_CESA-2012_0140_thunderbird_centos6.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2012:0141 centos4
File : nvt/gb_CESA-2012_0141_seamonkey_centos4.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2012:0142 centos4
File : nvt/gb_CESA-2012_0142_firefox_centos4.nasl
2012-07-30 Name : CentOS Update for xulrunner CESA-2012:0143 centos5
File : nvt/gb_CESA-2012_0143_xulrunner_centos5.nasl
2012-07-30 Name : CentOS Update for xulrunner CESA-2012:0143 centos6
File : nvt/gb_CESA-2012_0143_xulrunner_centos6.nasl
2012-07-30 Name : CentOS Update for libpng10 CESA-2012:0317 centos4
File : nvt/gb_CESA-2012_0317_libpng10_centos4.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0317 centos4
File : nvt/gb_CESA-2012_0317_libpng_centos4.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0317 centos5
File : nvt/gb_CESA-2012_0317_libpng_centos5.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0317 centos6
File : nvt/gb_CESA-2012_0317_libpng_centos6.nasl
2012-07-09 Name : RedHat Update for thunderbird RHSA-2012:0140-01
File : nvt/gb_RHSA-2012_0140-01_thunderbird.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-05-18 Name : Apple QuickTime Multiple Vulnerabilities - (Windows)
File : nvt/gb_apple_quicktime_mult_vuln_win_may12.nasl
2012-04-30 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium10.nasl
2012-04-26 Name : Fedora Update for libpng FEDORA-2012-5518
File : nvt/gb_fedora_2012_5518_libpng_fc16.nasl
2012-04-26 Name : Fedora Update for libpng FEDORA-2012-5515
File : nvt/gb_fedora_2012_5515_libpng_fc15.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0208 Multiple Vulnerabilities in ISC BIND
Severity: Category I - VMSKEY: V0061377

Snort® IPS/IDS

Date Description
2018-07-31 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 47033 - Type : FILE-MULTIMEDIA - Revision : 3
2018-07-31 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 47032 - Type : FILE-MULTIMEDIA - Revision : 3
2016-03-14 ISC BIND zero length OPENPGPKEY rdata response attempt
RuleID : 36130 - Type : PROTOCOL-DNS - Revision : 4
2015-10-20 ISC BIND DNSSEC response unsupported cryptographic algorithm attempt
RuleID : 36056 - Type : PROTOCOL-DNS - Revision : 2
2015-10-20 ISC BIND DNSSEC response unsupported DNSKEY cryptographic algorithm attempt
RuleID : 36055 - Type : PROTOCOL-DNS - Revision : 3
2014-01-10 AFP FPLoginExt username buffer overflow attempt
RuleID : 2545-community - Type : SERVER-OTHER - Revision : 7
2014-01-10 AFP FPLoginExt username buffer overflow attempt
RuleID : 2545 - Type : SERVER-OTHER - Revision : 7
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25066 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25065 - Type : FILE-IMAGE - Revision : 5
2014-01-10 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 23581 - Type : FILE-MULTIMEDIA - Revision : 8
2014-01-10 Apple QuickTime MPEG stream padding buffer overflow attempt
RuleID : 23170 - Type : FILE-MULTIMEDIA - Revision : 11
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22109 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22108 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22107 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22106 - Type : FILE-IMAGE - Revision : 11
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22105 - Type : FILE-IMAGE - Revision : 12
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22104 - Type : FILE-IMAGE - Revision : 11
2014-01-10 file URI scheme attempt
RuleID : 16642 - Type : POLICY-OTHER - Revision : 11

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO
2016-12-16 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_12_2.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2016-0055.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U867672.nasl - Type: ACT_GATHER_INFO
2016-02-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17181.nasl - Type: ACT_GATHER_INFO
2016-01-29 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0078.nasl - Type: ACT_GATHER_INFO
2016-01-29 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0079.nasl - Type: ACT_GATHER_INFO
2016-01-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0227-1.nasl - Type: ACT_GATHER_INFO
2015-12-04 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U861500.nasl - Type: ACT_GATHER_INFO
2015-11-06 Name: The remote AIX host is missing a security patch.
File: aix_IV78091.nasl - Type: ACT_GATHER_INFO
2015-11-06 Name: The remote AIX host is missing a security patch.
File: aix_IV78092.nasl - Type: ACT_GATHER_INFO
2015-11-06 Name: The remote AIX host is missing a security patch.
File: aix_IV78094.nasl - Type: ACT_GATHER_INFO
2015-11-06 Name: The remote AIX host is missing a security patch.
File: aix_IV78095.nasl - Type: ACT_GATHER_INFO
2015-11-06 Name: The remote AIX host is missing a security patch.
File: aix_IV78096.nasl - Type: ACT_GATHER_INFO
2015-10-26 Name: The remote host is missing a security update for OS X Server.
File: macosx_server_5_0_15.nasl - Type: ACT_GATHER_INFO
2015-10-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1705.nasl - Type: ACT_GATHER_INFO
2015-10-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1706.nasl - Type: ACT_GATHER_INFO
2015-10-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1707.nasl - Type: ACT_GATHER_INFO
2015-10-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201510-01.nasl - Type: ACT_GATHER_INFO
2015-10-05 Name: The remote Fedora host is missing a security update.
File: fedora_2015-15061.nasl - Type: ACT_GATHER_INFO
2015-09-25 Name: The remote Fedora host is missing a security update.
File: fedora_2015-14958.nasl - Type: ACT_GATHER_INFO
2015-09-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-600.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17227.nasl - Type: ACT_GATHER_INFO