CVE-2007-5862
https://notcve.org/view.php?id=CVE-2007-5862
18 Dec 2007 — Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. • http://docs.info.apple.com/article.html?artnum=307177 • CWE-287: Improper Authentication
CVE-2007-6261 – Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6261
06 Dec 2007 — Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. • https://www.exploit-db.com/exploits/4689 • CWE-189: Numeric Errors
CVE-2007-6166 – Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2007-6166
29 Nov 2007 — Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. • https://www.exploit-db.com/exploits/4648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4699
https://notcve.org/view.php?id=CVE-2007-4699
15 Nov 2007 — The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-4701
https://notcve.org/view.php?id=CVE-2007-4701
15 Nov 2007 — WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-4700
https://notcve.org/view.php?id=CVE-2007-4700
15 Nov 2007 — Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-4687
https://notcve.org/view.php?id=CVE-2007-4687
15 Nov 2007 — The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-16: Configuration
CVE-2007-4680
https://notcve.org/view.php?id=CVE-2007-4680
15 Nov 2007 — CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication
CVE-2007-4683
https://notcve.org/view.php?id=CVE-2007-4683
15 Nov 2007 — Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-4679
https://notcve.org/view.php?id=CVE-2007-4679
15 Nov 2007 — CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls