Vulnerabilities > Apple > MAC OS X Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-13 | CVE-2010-1821 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | 7.8 |
| 2017-04-13 | CVE-2010-1816 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. | 7.8 |
| 2016-03-24 | CVE-2016-1787 | Information Exposure vulnerability in Apple mac OS X Server Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | 5.3 |
| 2016-03-24 | CVE-2016-1777 | Cryptographic Issues vulnerability in Apple mac OS X Server Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 7.5 |
| 2016-03-24 | CVE-2016-1776 | Improper Access Control vulnerability in Apple mac OS X Server Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | 5.3 |
| 2016-03-24 | CVE-2016-1774 | Improper Access Control vulnerability in Apple mac OS X Server The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | 5.3 |
| 2012-10-03 | CVE-2012-3489 | XXE vulnerability in multiple products The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. | 6.5 |
| 2011-06-24 | CVE-2011-0199 | Improper Certificate Validation vulnerability in Apple mac OS X and mac OS X Server The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | 5.9 |
| 2011-06-21 | CVE-2011-1755 | XML Entity Expansion vulnerability in multiple products jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 7.5 |
| 2010-11-15 | CVE-2010-1378 | Improper Certificate Validation vulnerability in Apple mac OS X and mac OS X Server OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | 9.8 |