Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2014-10-15 CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary 3.4
2020-12-14 CVE-2020-8285 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Mac_os_x, Macos, Debian_linux, Fedora, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire 7.5
2020-12-14 CVE-2020-8286 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Mac_os_x, Macos, Debian_linux, Fedora, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Simatic_tim_1531_irc_firmware 7.5
2017-03-27 CVE-2017-6458 Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Mac_os_x, Hpux\-Ntp, Ntp, Simatic_net_cp_443\-1_opc_ua_firmware 8.8
2008-08-06 CVE-2008-2939 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Http_server, Mac_os_x, Ubuntu_linux, Opensuse N/A
2009-06-08 CVE-2009-1955 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. Apr\-Util, Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Http_server, Linux_enterprise_server N/A
2009-09-08 CVE-2009-3095 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Http_server, Mac_os_x, Debian_linux, Fedora, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server N/A
2011-05-16 CVE-2011-0419 Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Http_server, Portable_runtime, Mac_os_x, Freebsd, Android, Netbsd, Openbsd, Solaris N/A
2014-07-20 CVE-2014-0117 The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. Http_server, Mac_os_x N/A
2014-12-15 CVE-2014-3583 The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. Http_server, Mac_os_x, Os_x_server, Ubuntu_linux N/A