CVSS: 10.0EPSS: 35%CPEs: 2EXPL: 0CVE-2007-4703
https://notcve.org/view.php?id=CVE-2007-4703
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. El Firewall de Aplicación en Apple Mac OS X versión 10.5, no previene a un proceso de root de aceptar conexiones entrantes, incluso cuando ha sido establecido "Block incoming connections" para su ejecutable asociado, lo que podría permitir a atacantes remotos o procesos de root locales omitir las restricciones de acceso previstas. • http://docs.info.apple.com/article.html?artnum=307004 http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html http://secunia.com/advisories/27695 http://securitytracker.com/id?1018958 http://www.securityfocus.com/bid/26460 http://www.vupen.com/english/advisories/2007/3897 https://exchange.xforce.ibmcloud.com/vulnerabilities/38479 •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2007-4699
https://notcve.org/view.php?id=CVE-2007-4699
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. La configuración por defecto de Safari en Apple Mac OS X 10.4 hasta 10.4.10 añade una clave privada a la cadena de claves con permisos que permiten a otras aplicaciones acceder a la clave sin avisar al usuario, lo cual podría permitir a otras aplicaciones evitar las restricciones de acceso. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38485 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4700
https://notcve.org/view.php?id=CVE-2007-4700
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. Vulnerabilidad no especificada en WebKit de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos utilizar Safari como si fuera un proxy indirecto y enviar información controlada por el atacante a puertos TCP de su elección mediante vectores desconocidos. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38486 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4701
https://notcve.org/view.php?id=CVE-2007-4701
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. WebKit en Apple Mac OS X 10.4 hasta 10.4.10 no crea ficheros temporales de forma segura cuando Safari está previsualizando un fichero PDF, lo cual permite a usuarios locales leer el contenido de ese fichero. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38487 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4685
https://notcve.org/view.php?id=CVE-2007-4685
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." El núcle del Apple Mac OS X 10.4 hasta el 10.4.10 permite a usuarios locales obtener privilegios mediante la ejecución de los programas setuid o setgid en los cuales los ficheros descriptores stdio, stderr o stdout están en "un estado inesperado". • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38469 • CWE-264: Permissions, Privileges, and Access Controls •